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Third Party Systems 


The software is designed to run in an environment containing third party elements meeting certain prerequisites. These 
may include operating systems, directory services, databases, and other components or technologies. See the 
accompanying prerequisites list for details. 


The software may require a minimum version of these elements in order to function. Further, these elements may require 
appropriate configuration and resources such as computing, memory, storage, or bandwidth in order for the software to be 
able to perform in a way that meets the customer requirements. The download, installation, performance, upgrade, 
backup, troubleshooting, and management of these elements is the responsibility of the customer using the third party 
vendor's documentation and guidance. 


Third party systems emulating any these elements must fully adhere to and support the appropriate APIs, standards, and 
protocols in order for the software to function. Support of the software in conjunction with such emulating third party 
elements is determined on a case-by-case basis and may change at any time. 
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About This Guide 


This reference guide is written to provide database administrators comprehensive information for 
understanding and generating Custom Query reports through Micro Focus File Reporter. 


+ Chapter 1, “Overview,” on page 7 
+ Chapter 2, “Custom Query,” on page 13 


+ Chapter 3, “Custom Schema Reference,” on page 25 


Audience 


This manual is intended for database administrators who want to generate Custom Query reports 
using File Reporter 4.0. 


Feedback 


We want to hear your comments and suggestions about this manual and the other documentation 
included with this product. Please use the User Comment feature at the bottom of each page of the 
online documentation, or go to www.novell.com/documentation/feedback.html and enter your 
comments there. 


Documentation Updates 

For the most recent version of the Micro Focus File Reporter 4.0 Database Schema and Custom 
Queries Guide, visit the Micro Focus File Reporter Documentation Web site. 

Additional Documentation 


For additional Micro Focus File Reporter documentation, see the following guides at the Micro Focus 
File Reporter Documentation Web site: 


+ Micro Focus File Reporter 4.0 Installation Guide 


+ Micro Focus File Reporter 4.0 Administration Guide 


Documentation Conventions 


In this documentation, a greater-than symbol (>) is used to separate actions within a step and items 
in a cross-reference path. 


When a single pathname can be written with a backslash for some platforms or a forward slash for 
other platforms, the pathname is presented with a backslash. Users of platforms that require a 
forward slash, such as Linux*, should use forward slashes as required by your software. 


When a startup switch can be written with a forward slash for some platforms or a double hyphen 
for other platforms, the startup switch is presented with a forward slash. Users of platforms that 
require a double hyphen, such as Linux, should use double hyphens as required by your software. 
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About This Guide 


1.1 


1.1.1 


1.1.2 


1.1.3 


Overview 


+ Section 1.1, “Updates,” on page 7 

+ Section 1.2, “Breaking Changes,” on page 8 

+ Section 1.3, “Supported Schema Objects,” on page 8 
+ Section 1.4, “Schema Namespace,” on page 9 

+ Section 1.5, “Supported Tables,” on page 9 

+ Section 1.6, “Supported Views,” on page 11 


+ Section 1.7, “Supported Functions,” on page 11 


Updates 


+ Section 1.1.1, “New Schema for Microsoft 365,” on page 7 
+ Section 1.1.2, “Added Hex String Functions,” on page 7 
+ Section 1.1.3, “Added Path Hash Function,” on page 7 


New Schema for Microsoft 365 


Supported schema for Microsoft 365 data has been added with this release. 


Added Hex String Functions 


The following supported functions have been added for use with conversion to and from bytes and 
their hex string equivalents: 


¢ srs.bytes_to_hex_string 


+ srs.hex_string_to bytes 


Added Path Hash Function 


The following function was added for support of sha256 hashing of path strings: 
¢ srs.path_hash_sha256 


It operates in the same way as the previous srs.path_hash function in that it converts the input string 
to lower case prior to calculating the hash which in this case is SHA-256. 


Currently this function is used for web URL path hashes in Microsoft 365 entries. 


Overview 


1.2 Breaking Changes 


+ Section 1.2.1, “Removed Support for Open Enterprise Server,” on page 8 


> Section 1.2.2, “Deprecated Views,” on page 8 


1.2.1 Removed Support for Open Enterprise Server 


Support for Open Enterprise Server file systems such as NSS and eDirectory identity systems have 
been removed for the 4.0 release. The following tables, views, and functions are no longer present: 

¢ srs.edir_ds trustees 

¢ srs.edir_objects 

¢ srs.edir_security equals 

* srs.ncp_trustees 

¢ srs.current_fs scandata_edir 

è srs.current_ncp_trustees 

¢ srs.previous fs scandata_edir 

è srs.previous_ncp_trustees 

+ srs.baseline_fs scandata_edir 

¢ srs.baseline_ncp_trustees 


¢ srs.ncp_rights_string 


Support for eDirectory and Open Enterprise Server will continue with the File Reporter 3.x product 
line. 


1.22 Deprecated Views 


The following views are now deprecated in favor of their corresponding generic view names: 


¢ srs.current_fs_scandata_ad 
¢ srs.previous fs scandata_ad 


¢ srs.baseline_fs scandata_ad 
Please use the following views instead, as the *_ad views are subject to removal in a later release. 


¢ srs.current_fs_scandata 
+ srs.previous_fs scandata 


+ srs.baseline_fs scandata 


1.3 Supported Schema Objects 


The supported database schema objects include entries in the following categories: 


+ Identity Systems — system name, users, groups, other security principals 


+ Windows File System — file system meta data, permissions 


Overview 


¢ File Content Analysis Data — data related to discovery of search expressions over file content 
+ Microsoft 365 Data — data related to drives, drive items and supporting meta data and 
permissions as well as basic teams and sites info in Microsoft 365 


Although any tables, views, stored procedures and functions in the database can be accessed via 
custom queries, only the tables, views, and functions listed here are supported. 


IMPORTANT: For users who are new to SQL, the supported views might be easier to start with as 
each view provides a simple presentation of several key tables. In addition, the current_* views 
are pre-filtered for only the latest Current scan data. 


More experienced administrators however, will find that performance benefits can arise from 
making direct inline queries against the tables themselves, especially for complex scenarios. 


Schema Namespace 


All supported database objects and functions reside in specific schema namespaces. For example, 
the distinguished name for the table scan_data would be referenced as srs.scan_data when 
using the namespace prefix. 


Although use of the namespace prefix is not required in all cases, there are some cases where it is 
required, such as when referencing a user defined function in Microsoft SQL Server, or when another 
database object of the same name exists in the schema search path. For these reasons you should 
always reference each supported database object and function with its documented namespace 
prefix. 


Supported Tables 


Table 1-1 Supported Database Tables 


Category Table Name Notes 
Windows File System srs.identity_systems List of all identity systems. 
srs.ad_objects List of all scanned Active Directory security 
principals 
srs.ad_memberships Active Directory group memberships 
srs.scan_targets List of all configured scan targets (volumes, 


shares, etc.) 


srs.scans List of all current scans 
srs.scan_history Historical scan summary records 
srs.scan_data All scan data — includes all path and file-specific 


metadata info 
srs.scan_directory_data All directory-specific scan data 


srs.trend_volume_freespace List of all volume free space records 
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Category 


File Content Analysis 


Microsoft 365 


Overview 


Table Name 
srs.ntfs_aces 
srs.security_descriptors 


analysis.file_scan_entries 


ms365.drive_items 
ms365.drive_item_types 
ms365.drive_scans 
ms365.drive_scans_history 


ms365.drives 


ms365.group_drives 


ms365.group_member_types 
ms365.group_members 


ms365.group_sites 


ms365.groups 
ms365.identity_types 


ms365.jobs 


ms365.jobs_history 


ms365.permissions 


ms365.sharing_link_members 


ms365.site_drives 
ms365.sites 
ms365.team_channels 
ms365.teams 
ms365.tenants 


ms365.user_drives 


ms365.users 


Notes 


Scanned NTFS ACEs 
Scanned NTFS security descriptors 


Summary classification data for file content 
analysis entries 


Files and folders in drives, document libraries 
Enumeration table of drive item types 

List of scans against MS365 drives 

Historical summary of drive scans 


List of MS365 drives (document libraries, 
OneDrive for Business drives) 


Mapping of MS365 groups (teams) to associated 
drives 


Enumeration table of group member types 
MS365 group membership associations 


Mapping of MS365 groups (teams) to associated 
sites 


List of discovered MS365 groups 
Enumeration table of identity types 


List of jobs to enumerate MS365 tenant objects 
(teams, sites, groups, users, drives, etc.) 


Historical summary of tenant scans 


Sharing links and direct access permissions for 
drive items 


List of security principals associated with a 
specific sharing link 


List of discovered MS365 drives 

List of discovered MS365 SharePoint sites 
List of discovered Teams Channels 

List of discovered MS365 Teams 
Configured MS365 tenants for scan 


Mapping of MS365 users to drives (OneDrive for 
Business drives) 


List of discovered MS365 users 


1.6 


1.7 


Supported Views 


Table 1-2 Supported Database Views 


Category View Name 


Windows File System srs.current_fs_scans 
srs.current_permissions_scans 
srs.previous_fs_scans 
srs.previous_permissions_scans 
srs.baseline_fs_scans 
srs.baseline_permissions_scans 


srs.current_fs_scandata_ad 


srs.current_fs_scandata 


srs.previous_fs_scandata_ad 
srs.previous_fs_scandata 
srs.baseline_fs_scandata_ad 
srs.baseline_fs_scandata 
srs.current_ntfs_aces 
srs.previous_ntfs_aces 


srs.baseline_ntfs_aces 


Supported Functions 


Table 1-3 Supported Database Functions 


Category View Name 


General srs.byte_string 


srs.attribute_string 


srs.guid_bytes 


Notes 


List of Current file system scans 
List of Current permissions scans 
List of Previous file system scans 
List of Previous permissions scans 
List of Baseline file system scans 
List of Baseline permissions scans 


All file system scan data from Current scans in 
Active Directory environments 


Combined list of all Current file system scan data 


All file system scan data from Previous scans in 
Active Directory environments 


Combined list of all Previous file system scan 
data 


All file system scan data from Baseline scans in 
Active Directory environments 


Combined list of all Baseline file system scan 
data 


All Current permissions scan data in Active 
Directory environments 


All Previous permissions scan data in Active 
Directory environments 


All Baseline permissions scan data in Active 
Directory environments 


Description 


Converts raw number to byte string such as 10 
MB or 3.25 KB 


Converts attributes to string representation 


Converts Guid from string to binary 
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Category 


Identity Systems 


Permissions 


Overview 


View Name 


srs.guid_text 
srs.path_hash 
srs.sid_bytes 
srs.sid_text 


srs.access_mask_basic_string 


srs.access_mask_string 


srs.ace_flags_string 
srs.ace_type_string 


srs.ad_account_name 


Description 


Converts Guid from binary to string 
Calculates SHA-1 hash of full path 
Converts SID from string to binary 
Converts SID from binary to string 


Converts access mask value to basic permissions 
string 


Converts access mask value to string 
representation 


Translates ACE flag to string values 
Translates ACE type to string value 


Combines AD account name elements to a single 
display name 


2 Custom Query 


¢ Section 2.1, “Understanding Table Relationships,” on page 13 
+ Section 2.2, “Scoping and Filtering,” on page 15 


2.1 Understanding Table Relationships 


> Section 2.1.1, “Windows File System Metadata,” on page 14 


> Section 2.1.2, “Windows File System Permissions,” on page 15 
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2.1.1 Windows File System Metadata 


The collected scan data is generally broken down into three major areas: Identity System info, File 
System data, and Permissions data. 


For general file system metadata collection, only file system data is collected, along with minimal 
identity system data pertaining to file and folder owners. 


14 Custom Query 


2.1.2 Windows File System Permissions 


2.2 


r 
File System Data 


NTFS Permissions data is limited to folder structure as well as assigned and inherited NTFS access 
control entries (ACEs). 


It should be noted that permissions scans do not include metadata specific information such as 
directory quota, nor do they include any file-entry data that is not a folder. Only permissions for 
folder, share, and DFS entries are currently collected. 


Scoping and Filtering 


Scoping is the process by which selected data is limited to areas of interest. Areas of interest may 
include all file system data related to a specific identity system, or only data within one or more 
subdirectories. Additionally, data could be scoped as it relates to a given owner or trustee. 

+ Section 2.2.1, “Scope by Identity System,” on page 16 

¢ Section 2.2.2, “Scope by Server,” on page 16 

+ Section 2.2.3, “Scope by Scan Target,” on page 17 

+ Section 2.2.4, “Scope by Directory,” on page 17 

+ Section 2.2.5, “Scope by Directory with Path Depth Limit,” on page 19 


Custom Query 


15 


> Section 2.2.6, “Scope by Security Principal,” on page 20 
> Section 2.2.7, “Basic Filtering,” on page 21 


2.2.1 Scope by Identity System 


Scoping by identity system is as simple as limiting a query to a specific srs.identity_system id value, 
or using one of the supported srs.current_* views, a specific identity system name. 


Example: Select file system data from a given identity system, limited to 100 entries. 


SQL Server 


SELECT TOP(100) * 
FROM srs.current_fs_scandata 
WHERE identity system = 'ad.test.lab'; 


PostgreSQL 


SELECT ~ 

FROM srs.current_fs_scandata 

WHERE identity_system = 'ad.test.lab' 
LIMIT 100; 


2.2.2 Scope by Server 


Scoping by server is as simple as filtering by the server column in the srs.scan_targets table or in one 
of the supported srs.current_* views. 


Also note that the server name may be case sensitive depending on the database collation. 


Example: Select all file system data from a specific server, limited to 100 entries. 


SQL Server 


SELECT TOP(100) * 
FROM srs.current_fs_scandata 


WHERE server = *serverl.ad.test.lab'; 
PostgreSQL 

SELECT * 

FROM srs.current_fs_scandata 

WHERE server = 'serverl.ad.test.lab' 
LIMIT 100; 
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2.2.3 


2.2.4 


Scope by Scan Target 


Scoping by scan target is useful where a specific volume or share name is known. 
Note that the scan target name might be case sensitive depending on the database collation. 


Example: Select file system data from a particular scan target (share or volume) limited to 100 
entries. 


SQL Server 


SELECT TOP(100 
FROM srs.current_fs scandata 
WHERE scan_target = '\\serverl.ad.test.lab\Data’ ; 


PostgreSQL 


SELECT * 

FROM srs.current_fs_scandata 

WHERE scan_target = ‘\\serverl.ad.test.lab\Data’ 
LIMIT 1090; 


Scope by Directory 


Scoping by a particular directory or folder requires the use of the hierarchical markers in the 
srs.scan_data table. These markers assist with determining parent and child folders as well as all 
subordinate file system entries for a given directory or set of directories. 


Field Description Notes 
idx Entry index. Unique per scan. 
parent_idx Index of parent directory, share or For all sibling file system entries, 
DFS name space entry. they will have the same parent 
index. 
path_depth Current path depth relative to root The root path is always depth zero 
path. (0). Other paths such as shares may 


have the same depth as the root 
path, but can be distinguished by 
path_type. 


Entries occurring above the root 
path (such as DFS name spaces) 
will have a negative value. 


ns_left , ns_right Nested set indexes for current Nested set markers provide a quick 
entry. way to determine all subordinates 
for a given directory. 


See examples below for detail. 
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Example: Select all NTFS file system entries subordinate to, and including the specified target path. 


WITH root_path AS ( 
SELECT sd.fullpath, sd.ns_left, sd.ns_right, sd.path_type, sd.scan_id 
FROM srs.current_fs_scandata_ad AS sd 
WHERE sd.fullpath_hash = srs.path_hash('\\serverl1.ad.test.lab\Share\path\subpath' ( 
AND sd.path_type = 2 


) 
SELECT sd.* FROM srs.current_fs_scandata_ad AS sd 
JOIN root_path AS rp ON rp.scan_id = sd.scan_id 
AND rp.ns_left <= sd.ns_left 
AND rp.ns_right >= sd.ns_right; 


In this example, we are using two SELECT statements: one to get the information for the desired root 
path, and one to pull all subordinate entries along with the root path. Notice how the JOIN filter in 
the second SELECT statement uses not only the scan_id to limit the particular scan(s) of interest, but 
also uses the ns_left and ns_right fields to keep the data set limited to file entries in the folder 
hierarchy. 


In the following diagram, an example of the nested set model calculations are shown with an 
example structure under \\Server\Share. In this example, exactly 1,000 file system entries exist, 
including files, folders, and the share itself. 


Figure 2-1 Nested Set Calculations Example 


1 \\Server\Share 2,000 


2  [RootPath] 1,999 


3 Path_A 14 15 Path_B 1,998 


(1,021 File_x 1,022 כ‎ 


4 Folder_A 11 


For each node in the scanned file structure, a left (ns_left) and right (ns_right) value are assigned. 
The values are assigned by traversing the imaginary path from the root down the left side of the 
structure, incrementing the ns_left values by one. Once a leaf node is encountered, the 
incrementing value continues, but is now assigned to ns_right. 


This process continues until the entire graph of the file structure has been traversed, and the root 
path is finally assigned the last number for its ns_right value. 
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2.2.5 


The nested set model has the following characteristics, some of which are vital to hierarchical 
processing, such as determining subordinate objects: 


¢ The root path will always have a ns_left value of 1 and an ns_right value of 2n, where n = the 
total number of entries. 


+ For any given container object (folder, share, etc.), all subordinate entries can be found by 
searching for all objects in the scan having an ns_left value greater than the container path’s 
ns_left value, and an ns_right value less than the container path's ns_right value. 


+ Nested set is generally the fastest method available in relational data models for retrieving all 
subordinate objects when representing hierarchical data. 


For more information on the nested set model, see http://en.wikipedia.org/wiki/Nested_set_model. 


Scope by Directory with Path Depth Limit 


In addition to scoping by directory, it may be useful to start with a given path, but then only include 
subordinate paths within a given range below the selected path. 


In this case, we make use of the same nested set model calculations seen in the previous section, but 
include the use of the path_depth parameter as well. 


Example: Select all paths starting two levels below a given path. 


WITH root_path AS 
SELECT sd.fullpath, sd.ns_left, sd.ns_ right, sd.path_type, sd.scan_id, sd.path_depth 
FROM srs.current_fs_scandata_ad AS sd 
WHERE sd.fullpath_hash = srs.path_hash(*Yiserver1.ad.test.lablSharelGroups*” 
AND sd.path_type = 2 


SELECT sd.* FROM srs.current_fs_scandata_ad AS sd 

JOIN root_path AS rp ON rp.scan_id = sd.scan_id 
rp.ns_left <= sd.ns_left 

rp.ns_right >= sd.ns_right 

AND sd.path_depth > rp.path_depth + 2; -- Upper bound 
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This example is common when folder structures have managed content, such as collaborative or 
group folders, organized below division or department folders one or more layers deep. In order to 
pull all the content from just the group folders themselves, and not include the structural folders, we 
can make use of path depth, but assign the selected path to the root structural folder. 


For a share organized as: 
\\Server\Share\Groups\Departments\GroupA 


The selected path could be \\Server\Share\Groups and the path_depth could be assigned to 
the root_path + 2 or greater, as in the SELECT statement above. 


We could just as easily limit the depth of paths searched by adding another comparison of 
path_depth as a lower bounds: 
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2.2.6 


WITH root_path AS ( 


) 
SELE 
JOIN 

AND 
AND 
AND 
AND 


SELECT sd.fullpath, sd.ns_left, sd.ns_ right, sd.path_type, sd.scan_id, sd.path_depth 
FROM srs.current_fs_scandata_ad AS sd 


WHERE sd.fullpath_hash = srs.path_hash('\\dbdev.db.dtest.lab\home’ ) 
AND sd.path_type = 2 


CT sd.* FROM srs.current_fs_scandata_ad AS sd 
root_path AS rp ON rp.scan_id = sd.scan_id 


rp.ns_left <= sd.ns_left 

rp.ns_right >= sd.ns_right 

sd.path_depth > rp.path_depth + 2 -- Upper bound 

sd.path_depth > rp.path_depth + 3; -- Note that we have a lower bound as well 


Scope by Security Principal 


Scoping by security principal is useful when querying for scan data specific to a given set of owners 
or trustees. 


Example: Select all files for a given server owned by a specific AD user, limited to 100 entries. 


SQL 


Server 


SELECT TOP(100) * 


FROM 


srs.current_fs_scandata_ad 


WHERE owner_domain = ‘AD’ 
AND owner_name = ‘user1'; 


PostgreSQL 


SELECT * 


FROM 


srs.current_fs_scandata_ad 


WHERE owner_domain = 'DB' 
AND owner_name = 'test1' 
LIMIT 1909; 


Example: Select all folders where a user is a direct trustee (not inherited) for NTFS, limited to 100 
entries. 


SQL Server 


SELECT TOP(100) * 


FROM 
WHERE 
AND 


AND 


srs.current_ntfs_aces 
trustee_domain = 'DB' 
trustee_name = 'test1' 
ace_flags & 16 <> 16; 
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PostgreSQL 


SELECT ? 
FROM srs.current_ntfs_aces 
WHERE trustee_domain = 'DB' 


AND trustee_name = 'test1' 
AND ace_flags & 16 <> 16 
LIMIT 100; 


Basic Filtering 
In addition to using filters to scope the range of scan data, basic filtering can also be used to limit the 
results to only records of interest. 


The following is a list of basic filtering examples that may be used as starting templates for queries. 


> “Filter by Path Type” on page 1 

+ “Filter by File Extension” on page 21 
+ “Filter by Date Range” on page 22 

+ “Filter by File Name” on page 22 


Filter by Path Type 


In cases where aggregation or calculations against a discrete set of files is desired, it may be 
necessary to filter out any directories or shares first, since those entries contain size and name data 


that may skew the desired results. 


SELECT * 
FROM srs.current_fs_scandata_ad 
WHERE path_type = 1 -- Note: 1 = file entry 


AND server=*Server1''; 


Filter by File Extension 
This example filters the set of file entries within a given directory structure to just those defined as 
media types. 


SELECT ? 
FROM srs.current_fs_scandata_ad 


WHERE path_type = 1 


AND filename_extension IN ('mp3', ,'4קח'‎ ‘avi’, ‘ogg’, ‘png’, ‘jpg’, 'jpeg'); 


Note that for filename_extension, all values should be lower case. 
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Filter by Date Range 


This example selects all files on the specific server from November 1, 2013 midnight, through 
November 2, 2013 11:59 PM. 


SELECT * 

FROM srs.current_fs_scandata_ad 

WHERE modify time BETWEEN '2013-11-01 00:00:00” AND '2013-11-02 23:59:59” 
AND server=*dbdev.db.dtest.lab' 
AND path_type = 1 -- Files only 


We can also use the familiar >= and <= comparison operators to accomplish the same: 


SELECT * 

FROM srs.current_fs_scandata_ad 

WHERE modify _time >= ‘2013-11-01 00:00:00' 
AND modify_time <= '2013-11-02 23:59:59” 
AND server="dbdev.db.dtest.lab’ 
AND path_type = 1  -- Files only 


Note that the behavior of the BETWEEN operator is inclusive, not exclusive, to the parameters given. 


Also it is important to note with date-time ranges, that a simple date such as ‘2013-11-02’ actually 
represents ‘2013-11-02 00:00:00’, so be careful to include 23:59:59 to the ending date as 
appropriate. 


Finally, it is important to remember that all timestamps stored in the database are stored as UTC 
values, so consideration for time zone offsets may be needed. 


Filter by File Name 


This example shows how to filter by a given file name. 


SELECT * 
FROM srs.current_fs_scandata 
WHERE LOWER(name) = ‘document1.txt'; 


Note the use of the LOWER operator to force a case-insensitive search. Depending on the collation 
of the database instance and the database itself, this operator may be required. 


For wildcard matches, the standard SQL flags _ and % can be used to represent a single or multiple 


characters. 

SELECT * 

FROM srs.current_fs_scandata 

WHERE LOWER(name) LIKE ‘document1.%' ; 


See the following links for database specific info regarding wildcards and other search patterns: 


SQL Server: http://msdn.microsoft.com/en-us/library/ms190301 
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Postgres: http://www.postgresql.org/docs/current/static/functions-matching.html 
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3 Custom Schema Reference 


* Section 3.1, “Tables,” on page 25 
+ Section 3.2, “Views,” חס‎ page 53 


+ Section 3.3, “Functions,” on page 75 


3.1 Tables 


+ Section 3.1.1, “ANALYSIS.FILE_SCAN_ENTRIES,” on page 26 
+ Section 3.1.2, “MS365.DRIVE_ITEM_TYPES,” on page 27 

¢ Section 3.1.3, “MS365.DRIVE_ITEMS,” on page 27 

+ Section 3.1.4, “MS365.DRIVE_SCANS,” on page 28 

+ Section 3.1.5, “MS365.DRIVE_SCANS_HISTORY,” on page 29 
+ Section 3.1.6, “MS365.DRIVES,” on page 30 

+ Section 3.1.7, “MS365.GROUP_DRIVES,” on page 30 

+ Section 3.1.8, “MS365.GROUP_MEMBER_TYPES,” on page 31 
+ Section 3.1.9, “MS365.GROUP_MEMBERS,” on page 31 

> Section 3.1.10, “MS365.GROUP_SITES,” on page 32 

+ Section 3.1.11, “MS365.GROUPS,” on page 32 

+ Section 3.1.12, “MS365.IDENTITY_TYPES,” on page 33 

+ Section 3.1.13, “MS365.JOBS,” on page 33 

+ Section 3.1.14, “MS365.JOBS HISTORY,” on page 4 

+ Section 3.1.15, “MS365.PERMISSIONS,” on page 35 

* Section 3.1.16, “MS365.SHARING_LINK_MEMBERS,” on page 36 
+ Section 3.1.17, “MS365.SITE_DRIVES,” on page 37 

+ Section 3.1.18, “MS365.SITES,” on page 37 

+ Section 3.1.19, “MS365.TEAM_CHANNELS,” on page 8 

* Section 3.1.20, “MS365.TEAMS,” on page 38 

+ Section 3.1.21, “MS365.TENANTS,” on page 9 

+ Section 3.1.22, “MS365.USER_DRIVES,” on page 39 

+ Section 3.1.23, “MS365.USERS,” on page 0 

+ Section 3.1.24, “SRS.AD_MEMBERSHIPS,” on page 41 

+ Section 3.1.25, “SRS.AD_OBJECTS,” on page 41 

+ Section 3.1.26, “SRS.IDENTITY_SYSTEMS,” on page 42 

+ Section 3.1.27, “SRS.NTFS_ACES,” on page 43 

+ Section 3.1.28, “SRS.SCANS,” on page 44 
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+ Section 3.1.29, “SRS.SCAN_DATA,” on page 47 

+ Section 3.1.30, “SRS.SCAN_DIRECTORY_DATA,” on page 48 

+ Section 3.1.31, “SRS.SCAN_HISTORY,” on page 49 

+ Section 3.1.32, “SRS.SCAN_TARGETS,” on page 52 

+ Section 3.1.33, “SRS.SECURITY_DESCRIPTORS,” on page 52 

+ Section 3.1.34, “SRS.TREND_VOLUME_FREESPACE,” on page 53 


3.1.1 ANALYSIS.FILE_SCAN_ENTRIES 


Table 3-1 File Scan Summary Entries Table Definition 


Column Name SQL Server Data Type PostgreSQL Data Type 


id bigint bigint 

scan_time datetime2(3) timestamp without time 
zone 

fullpath nvarchar(max) text 

fullpath_hash binary(20) bytea 

content_hash binary(32) bytea 

size bigint bigint 


modify_time 


datetime2(2) 


timestamp without time 
zone 


classification nvarchar(64) varchar(64) 
category nvarchar(64) varchar(64) 
search_pattern_name nvarchar(64) varchar(64) 
search_pattern_string nvarchar(1024) varchar(1024) 
match_count int int 
match_confidence int int 

job_id int int 
job_definition nvarchar(64) varchar(64) 
status_code int int 
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Notes 
Primary key 


Time when file content 
was scanned 


Full UNC path to the file 


SHA-1 hash of lowercase 
fullpath 


SHA-2 hash of file content 
File size 


Last write time of file 


Classification name 
Category name 
Search pattern name 
Search pattern string 


Number of matches for 
Search Pattern on this 
path 


1= Low 
2 = Medium 
3 = High 


File content scan job ID 
Job definition name 


Processing status code for 
this file entry 


3.1.2 


3.1.3 


MS365.DRIVE_ITEM_TYPES 


Column Name 


item_type 


item_type_name 


SQL Server Data Type 


int 


nvarchar(32) 


MS365.DRIVE_ITEMS 


Column Name 
id 


scan_id 


ms365_id 


ms365_drive_id 


ms365_parent_id 


created_by 


create_time 


item_type 


file_hash 


SQL Server Data Type 
bigint 


bigint 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


datetime2(3) 


int 


varbinary(64) 


PostgreSQL Data Type 


int 


varchar(32) 


PostgreSQL Data Type 
bigint 


bigint 


varchar(256) 


varchar(256) 


varchar(256) 


varchar(256) 


timestamp 


int 


bytea 


Notes 


0 = unknown 
1=file 

2 = folder 

3 =remote_item 


item type description 


Notes 
Primary key 


Reference to primary key 
in ms365.drive_scans 


Unique id provided by MS 
GraphAPIl 


Unique id provided by MS 
GraphAPI for associated 
drive 


Unique id provided by MS 
GraphAPI for parent path 


Unique id provided by MS 
GraphAPI for associated 
identity 


Create time for entry 


0 = unknown 
1=file 

2 = folder 

3 = remote item 


Files only - QuickXorHash 
of entry 


See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 
hashes ?view=graph-rest- 
1.0 
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3.1,4 


Column Name 


child_count 


modified_by 


modify_time 
name 
file_extension 
size 

web_url 


web_url_hash 


SQL Server Data Type 


bigint 


nvarchar(256) 


datetime2(3) 
nvarchar(256) 
nvarchar(32) 
bigint 
nvarchar(max) 


varbinary(32) 


MS365.DRIVE_SCANS 


Column Name 
id 


job_id 


drive_id 


scan_status 


scan_state 


delegated_time 


start_time 
stop_time 


scan_progress data 
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SQL Server Data Type 
bigint 


int 


bigint 


int 


int 


datetime2(3) 


datetime2(3) 
datetime2(3) 


nvarchar(max) 


PostgreSQL Data Type 


bigint 


varchar(256) 


timestamp 
varchar(256) 
varchar(32) 
bigint 

text 


bytea 


PostgreSQL Data Type 
bigint 


int 


bigint 


int 


int 


timestamp 


timestamp 
timestamp 


text 


Notes 


Folders only — number of 
child entries in the folder 
(only includes one level 
deep, not recursive) 


Unique id provided by MS 
GraphAPI for associated 
identity 


Last modified time 
Name of entry 

File name extension 
Size in bytes 

Full path to item 


sha-256 hash of web_url 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.drives 


0 = Queued 

1 = In progress 
2 = Completed 
3 = Failed 

99 = Canceled 
0 = Pending 

1 = Current 


99 = Marked for cleanup 


Time at which scan was 
requested 


Time when scan started 
Time when scan stopped 


JSON data with scan 
progress details 


3.1.5 


Column Name 


agent_name 


MS365.DRIVE_SCANS_HISTORY 


Column Name 
id 


job_id 


scan_id 


start_time 
stop_time 


drive_id 


drive_name 
web_url 


ms365_drive_id 


scan_progress_status 


agent_name 


scan_status 


scan_state 


result_string 


SQL Server Data Type 


nvarchar(256) 


SQL Server Data Type 
bigint 


int 


bigint 


datetime2(3) 
datetime2(3) 


bigint 


nvarchar(256) 
nvarchar(max) 


nvarchar(256) 


nvarchar(max) 


nvarchar(256) 


int 


int 


nvarchar(max) 


PostgreSQL Data Type 


varchar(256) 


PostgreSQL Data Type 
bigint 


int 


bigint 


timestamp 
timestamp 


bigint 


varchar(256) 
text 


varchar(256) 


text 


varchar(256) 


int2 = Completed 


int 


text 


Notes 


Name of Agent365 server 
performing the scan 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.drive_scans 


Drive scan start time 
Drive scan stop time 


Reference to primary key 
in ms365.drives 


Drive name 
Full path to drive 


Unique id provided by MS 
GraphAPl 


JSON data with scan 
progress details 


Name of Agent365 server 
that performed the scan 


0 = Queued 

1 = In progress 
2 = Completed 
3 = Failed 

99 = Canceled 
0 = Pending 

1 = Current 


99 = Marked for cleanup 


Success or error message 
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3.1.6 


3.1.7 


MS365.DRIVES 


Column Name 
id 


job_id 
tenant_id 
last_update 
ms365_id 


name 


ms365_owner_id 
quota 


web_url 


drive_type 


SQL Server Data Type 
bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(max) 


nvarchar(64) 


MS365.GROUP_DRIVES 


Column Name 
id 


job_id 


tenant_id 


last_update 
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SQL Server Data Type 
bigint 


int 


int 


datetime2(3) 


PostgreSQL Data Type 
bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


varchar(256) 


varchar(256) 


text 


varchar(64) 


PostgreSQL Data Type 
bigint 


int 


int 


timestamp 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants table 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPl 


Drive name 


Unique id provided by MS 
GraphAPl 


JSON data including 
quota details 


Full web path to drive 


Known values in MS 
GraphAPI include 
+ business 


* documentLibrary 
See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 
drive ?view=graph-rest- 
1.0 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


3.1.8 


3.1.9 


Column Name 


ms365_group_id 


ms365_drive_id 


SQL Server Data Type 


nvarchar(256) 


nvarchar(256) 


PostgreSQL Data Type 


varchar(256) 


varchar(256) 


MS365.GROUP_MEMBER_TYPES 


Column Name 


member_type 


member_type_name 


MS365.GROUP_MEMBERS 


Column Name 
id 


job_id 


tenant_id 


last_update 


ms365_group_id 


ms365_member_id 


member_type 


SQL Server Data Type 


int 


nvarchar(32) 


SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


int 


PostgreSQL Data Type 


int 


varchar(32) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


int 


Notes 


Unique id provided by MS 
GraphAPI for associated 
group 


Unique id provided by MS 
GraphAPI for associated 
drive 


Notes 
0 = direct 
1 = transitive 


Member type description 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPI for associated 
group 


Unique id provided by MS 
GraphAPI for associated 
member 


0 direct 
1 = transitive 
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3.1.10 


3.1.11 
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MS365.GROUP_SITES 


Column Name 
id 


job_id 


tenant_id 


last_update 


ms365_group_id 


ms365_site_id 


MS365.GROUPS 


Column Name 
id 


job_id 


tenant_id 


last_update 


ms365_id 


display_name 
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SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPI for associated 
group 


Unique id provided by MS 
GraphAPI for associated 
SharePoint site 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPI 


Friendly name of group 


3.1.12 


3.1.13 


Column Name 


group_types 


onprem_sid 


onprem_dnsdomain 


onprem_netbios 


onprem_samaccount 


SQL Server Data Type 


nvarchar(64) 


varbinary(68) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


MS365.IDENTITY_TYPES 


Column Name 


identity_type 


identity_type_name 


MS365.JOBS 


Column Name 
id 


tenant_id 


start_time 


stop_time 


SQL Server Data Type 


int 


nvarchar(32) 


SQL Server Data Type 
int 


int 


datetime2(3) 


datetime2(3) 


PostgreSQL Data Type 


varchar(64) 


bytea 


varchar(256) 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 


int 


varchar(32) 


PostgreSQL Data Type 
int 


int 


timestamp 


timestamp 


Notes 


One or more of the 
following from MS 
GraphAPI: 

+ Unified 

+ DynamicMembership 

+ [empty string] 
See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 


group?view=graph-rest- 
1.0 


On-premises Security 
Identifier (SID) 


On-premises DNS domain 


On-premises NetBIOS 
domain 


On-premises SAM 
Account Name 


Notes 


0 = unknown 


1 = user 
2 = group 
3 = device 


4 = application 


Identity type description 


Notes 
Primary key 


Reference to primary key 
in ms365.tenants 


Time job started 


Time job stopped 
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3.1.14 


34 


Column Name 


job_status 


job_progress data 


agent_name 


SQL Server Data Type 


int 


nvarchar(max) 


nvarchar(256) 


MS365.JOBS_HISTORY 


Column Name 
id 


job_id 


tenant_id 


tenant_name 


start_time 


stop_time 


job_status 


result_string 


job_progress_ data 


agent_name 
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SQL Server Data Type 
int 


int 


int 


nvarchar(256) 


datetime2(3) 


datetime2(3) 


int 


nvarchar(1024) 


nvarchar(max) 


nvarchar(256) 


PostgreSQL Data Type 


int 


text 


varchar(256) 


PostgreSQL Data Type 
int 


int 


int 


varchar(256) 


timestamp 


timestamp 


int 


varchar(1024) 


text 


varchar(256) 


Notes 


0 = Queued 

1 = In progress 
2 = Completed 
3 = Failed 

99 = Canceled 


JSON data with job 
progress details 


Agent365 server 
performing the scan 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Associated 
* onmicrosoft.com 
tenant name 


Time when job started 


Time when job stopped 


0 = Queued 

1 = In progress 
2 = Completed 
3 = Failed 

99 = Canceled 


Success or failure 
message 


JSON data with job 
progress details 


Agent365 server 
performing the scan 


3.1.15 


MS365.PERMISSIONS 


Column Name 
id 


scan_id 


drive_item_id 


ms365_id 


expire_time 


15 inherited 


has_password 


grantedto_id_type 


grantedto_ms365_id 


grantedto_display_name 


invite_email 


invite_sentby_ms365_id 


invite_sentby_display_name 


invite_signin_required 


link_app_display_name 


link_app_ms365_id 


SQL Server Data Type 


bigint 


bigint 


bigint 


nvarchar(256) 


datetime2(3) 


bit 


bit 


nvarchar(64) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


bit 


nvarchar(256) 


nvarchar(256) 


PostgreSQL Data Type 
bigint 


bigint 


bigint 


varchar(256) 


timestamp 


boolean 


boolean 


varchar(64) 


varchar(256) 


varchar(256) 


varchar(256) 


varchar(256) 


varchar(256) 


boolean 


varchar(256) 


varchar(256) 


Notes 
Primary key 


Reference to primary key 
in ms365.drive_scans 


Reference to primary key 
in ms365.drive_items 


Unique id provided by MS 
GraphAPIl 


Timestamp when link 
expires 


true = inherited 
false = not inherited 


This currently applies only 
to Anonymous sharing 
links 


One of: 


+ user 
+ application 
+ device 
Unique id provided by MS 


GraphAPI for associated 
trustee 


Friendly name of trustee 


Email address of recipient 
(trustee) 


Unique id provided by MS 
GraphAPI for associated 
sender 


Friendly name of sender 


true = sign-in required 
false = sign-in not 
required 


Friendly name of 
application 


Unique id provided by MS 
GraphAPI for associated 
application 
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Column Name 


link_type 


link_scope 


link_prevents_download 


roles 


3.1.16 


Column Name 
id 


permission_id 
scan_id 


display_name 
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SQL Server Data Type 


nvarchar(32) 


nvarchar(32) 


bit 


nvarchar(128) 


SQL Server Data Type 
bigint 


bigint 


bigint 


nvarchar(256) 


PostgreSQL Data Type Notes 


varchar(32) 


varchar(32) 


boolean 


varchar(128) 


MS365.SHARING_LINK_MEMBERS 


PostgreSQL Data Type 
bigint 


bigint 


bigint 


varchar(256) 


One of: 


+ view 

+ edit 
See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 
sharinglink?view=graph- 
rest-1.0 


One of the following from 
MS GraphAPI: 

+ anonymous 

+ organization 
See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 


sharinglink?view=graph- 
rest-1.0 


true = view only 
(download not allowed) 


One of the following from 
MS GraphAPI: 

+ read 

+ write 

+ sp.full control 
See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 


permission?view=graph- 
rest-1.0 


Notes 
Primary key 


Reference to primary key 
in ms365.permissions 


Reference to primary key 
in ms365.drive_scans 


Friendly name of member 


3.1.17 


3.1.18 


Column Name 


ms365_id 


SQL Server Data Type 


nvarchar(256) 


MS365.SITE_DRIVES 


Column Name 
id 


job_id 


tenant_id 


last_update 


ms365_site_id 


ms365_drive_id 


MS365.SITES 


Column Name 
id 


job_id 


tenant_id 


last_update 


ms365_id 


ms365_parent_id 


display_name 


SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


PostgreSQL Data Type 


varchar(256) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


varchar(256) 


Notes 


Unique id provided by MS 
GraphAPI for associated 
member 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPI for associated 
SharePoint site 


Unique id provided by MS 
GraphAPI for associated 
drive 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPIl 


Unique id provided by MS 
GraphAPI for associated 
parent site 


Friendly name of 
SharePoint site 
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3.1.19 


3.1.20 
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Column Name SQL Server Data Type 


name nvarchar(256) 
is root bit 
web_url nvarchar(max) 


MS365.TEAM_CHANNELS 


Column Name SQL Server Data Type 


id bigint 

job_id int 

tenant_id int 
last_update datetime2(3) 


ms365_id nvarchar(256) 
team_id bigint 

display_name nvarchar(256) 
web_url nvarchar(256) 
ms365_files folder_id nvarchar(256) 


ms365_files folder_drive_id nvarchar(256) 


MS365.TEAMS 


Column Name SQL Server Data Type 
id bigint 


job_id int 
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PostgreSQL Data Type 


varchar(256) 


boolean 


text 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


bigint 


varchar(256) 
varchar(256) 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 


bigint 


Notes 


Site name 


true = root site (no parent 
sites) 
false = child site 


Full path to SharePoint 
site 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPl 


Reference to primary key 
in ms365.teams 


Friendly name of channel 
Full path to channel 


Unique id provided by MS 
GraphAPI for associated 
path 


Unique id provided by MS 
GraphAPI for associated 
path’s drive 


Notes 


Primary key 


Reference to primary key 
in ms365.jobs 


3.1.21 


3.1.22 


Column Name 


tenant_id 


last_update 


ms365_id 


display_name 


visibility 


web_url 


SQL Server Data Type 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


int 


nvarchar(max) 


MS365.TENANTS 


Column Name 
id 


tenant_name 


ms365_id 


display_name 


default_name 


SQL Server Data Type 
int 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


MS365.USER_DRIVES 


Column Name 
id 


job_id 


tenant_id 


last_update 


SQL Server Data Type 
bigint 


int 


int 


datetime2(3) 


PostgreSQL Data Type 


int 


timestamp 


varchar(256) 


varchar(256) 


int 


text 


PostgreSQL Data Type 


int 


varchar(256) 


varchar(256) 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 
bigint 


int 


int 


timestamp 


Notes 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPl 


Friendly name of team 


0 = private 
1 = public 


Full path to team 


Notes 
Primary key 


Official registered tenant 
name ending with 
“onmicrosoft.com’ 


Unique id provided by MS 
GraphAPIl 


Tenant display name 


Optionally registered DNS 
name set as the “default” 
e.g. corp.example.com 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 
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Column Name 


ms365_user_id 


ms365_drive_id 


3.1.23 MS365.USERS 


Column Name 
id 


job_id 
tenant_id 
last_update 
ms365_id 
display_name 


upn 
given_name 
surname 


onprem_sid 
onprem_dn 
onprem_upn 
onprem_dnsdomain 
onprem_samaccount 


onprem_immutable_id 


account_enabled 
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SQL Server Data Type 


nvarchar(256) 


nvarchar(256) 


SQL Server Data Type 


bigint 


int 


int 


datetime2(3) 


nvarchar(256) 


nvarchar(256) 


nvarchar(1024) 
nvarchar(64) 
nvarchar(64) 


varbinary(68) 


nvarchar(max) 


nvarchar(1024) 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


bit 


PostgreSQL Data Type 


varchar(256) 


varchar(256) 


PostgreSQL Data Type 


bigint 


int 


int 


timestamp 


varchar(256) 


varchar(256) 


varchar(1024) 
varchar(64) 
varchar(64) 


bytea 


text 


varchar(1024) 


varchar(256) 


varchar(256) 


varchar(256) 


boolean 


Notes 


Unique id provided by MS 
GraphAPI for associated 
user 


Unique id provided by MS 
GraphAPI for associated 
drive 


Notes 
Primary key 


Reference to primary key 
in ms365.jobs 


Reference to primary key 
in ms365.tenants 


Last update time for 
database entry 


Unique id provided by MS 
GraphAPl 


Display name - typically 
First Last name 


User Principal Name 
First name 
Last name 


On-premises Security 
Identifier (SID) 


On-premises 
distinguished name 


On-premises User 
Principal Name 


On-premises DNS domain 
name 


On-premises SAM 
Account Name 


Unique id mapping 
synced on-prem user to 
associated MS365 user 


Account is enabled 


3.1.24 


3.1.25 


Column Name 


user_type 


creation_type 


SQL Server Data Type 


nvarchar(64) 


nvarchar(64) 


SRS.AD_MEMBERSHIPS 


Table 3-2 Active Directory Memberships Table Definition 


Column Name 
id 
group_id 


member_id 


SQL Server Data Type 
bigint 
integer 


integer 


SRS.AD_OBJECTS 


Table 3-3 Active Directory Objects Table Definition 


Column Name 


SQL Server Data Type 
integer 
nvarchar(256) 


nvarchar(512) 


nvarchar(256) 


PostgreSQL Data Type 


varchar(64) 


varchar(64) 


PostgreSQL Data Type 
bigint 
integer 


integer 


PostgreSQL Data Type 
integer 
varchar(256) 


varchar(512) 


varchar(256) 


Notes 


Known values from MS 
GraphAPI include: 


* Member 


+ Guest 


See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 
user?view=graph-rest-1.0 


Known values from MS 
GraphAPI include: 


+ [null] 
+ Invitation 
+ LocalAccount 


+ EmailVerified 


See: https:// 
docs.microsoft.com/en- 
us/graph/api/resources/ 
user?view=graph-rest-1.0 


Notes 


Primary key 


Notes 
Primary key 
SAM Account Name 


Full distinguished object 
name 


Domain name 
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3.1.26 


42 


Column Name 
guid 
sid 


object_type 


identity _system_id 


SQL Server Data Type 


binary(16) 
varbinary(68) 


integer 


integer 


SRS.IDENTITY_SYSTEMS 


Table 3-4 Identity Systems Table Definition 


Column Name 


name 


domain 
proxy_account 


is primary 


is managed 


last_modified 
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SQL Server Data Type 


integer 


integer 


nvarchar(256) 


nvarchar(256) 
nvarchar(256) 


bit 


bit 


datetime2(0) 


PostgreSQL Data Type 
bytea 
bytea 


integar 


integer 


PostgreSQL Data Type 
integer 


integer 


varchar(256) 


varchar(256) 
varchar(256) 


boolean 


boolean 


timestamp without 
timezone 


Notes 


Globally Unique Identifier 
Security Identifier 


0 = Unknown / Other 
1 = User 

2 = Group 

3 = Computer 


Reference to primary key 
of identity systems table 


Notes 


Primary key 


0 = Unknown 

1 = Active Directory 
2 = eDirectory 

3 = Windows Local 


Identity system name 

eDirectory - Tree name 

Active Directory — Forest 
FDN 


Active Directory domain 


0 = Not the primary 
identity system 

1 = Primary identity 
system for 
authentication 


0 = Not managed 
(member server, built- 
in domain, etc.) 

1 = Managed, configured 
system 


3.1.27 


SRS.NTFS_ACES 


Table 3-5 NTFS ACEs Table Definition 


Column Name SQL Server Data Type 
id bigint 

scan_data_id bigint 

flags smallint 

ace_type smallint 

access_mask integer 


PostgreSQL Data Type 
bigint 


bigint 


smallint 


smallint 


integer 


Notes 


Primary key 


Reference to scan_data 
table 


0x1 = Object Inherit 

0x2 = Container Inherit 
0x4 = No Propagate 

Ox8 = Inherit Only 

0x10 = Inherited 

0x40 = Successful Access 
0x80 = Failed Access 


0 = Access Allowed 

1 = Access Denied 

2 = System Audit 

9 = Allowed Callback 

10 = Denied Callback 

13 = System Audit 
Callback 


17 = System Mandatory 
Label 


0x1 = Read Data / List 
Directory 

0x2 = Write Data / Create 
File 

0x4 = Append Data / 
Create Subdirectory 

Ox8 = Read Extended 
Attributes 

0x10 = Write Extended 
Attributes 

0x20 = File Execute / 
Traverse 

0x40 = Delete Child 

0x80 = Read Attributes 

0x100 = Write Attributes 

0x10000 = Delete 

0x20000 = Read 
Permissions 

0x40000 = Change 
PermissionsOx80000 = 
Change Owner 

0x100000 = Synchronize 

0x1000000 = Access 
System Security 

0x10000000 = Generic All 

0x20000000 = Generic 
Execute 

0x40000000 = Generic 
Write 

0x80000000 = Generic 
Read 
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3.1.28 
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Column Name 
sid 


index_on_disk 


canonical_index 


SRS.SCANS 


SQL Server Data Type 


varbinary(68) 


smallint 


smallint 


Table 3-6 Scans Table Definition 


Column Name 
id 


scan_policy_id 


triggered_start_time 


scan_start_time 


scan_stop_time 


enum_start_time 


enum_stop_time 


enum_file_count 


enum_directory_count 


enum_link_count 


caching_start_time 
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SQL Server Data Type 


bigint 


integer 


datetime2(3) 


datetime2(3) 


datetime2(3) 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


datetime2(3) 


PostgreSQL Data Type 


bytea 


smallint 


smallint 


PostgreSQL Data Type 
bigint 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 


zone 


timestamp without time 


zone 


integer 


integer 


integer 


timestamp without time 
zone 


Notes 


Trustee SID 


Discovered order of this 
ACE for the associated 
entry as read from the file 
system 


Preferred order in which 
ACE should appear for the 
associated entry 


Notes 


Primary key 


Reference to 
scan_policies table 


Initial time scan 
delegation starts 


Start time when agent 
begins physical scan 


Stop time when agent 
completes physical scan 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Metrics related to agent 
caching 


Column Name 


caching_stop_time 


cached_file_ count 


cached_directory_count 


cached_link_count 


cache_size 


cache_size_max 


metadata_start_time 


metadata_stop_time 


metadata_file_count 


metadata_directory_cou 


nt 


metadata_link_count 


accounts_start_time 


accounts_stop_time 


accounts _object_count 


transfer_start_time 


transfer_stop_time 


SQL Server Data Type 


datetime2(3) 


integer 


integer 


integer 


integer 


integer 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


datetime2(3) 


datetime2(3) 


integer 


datetime2(3) 


datetime2(3) 


PostgreSQL Data Type 


timestamp without time 


zone 


integer 


integer 


integer 


integer 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


integer 


integer 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


Notes 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
security principal 
collection 


Agent metrics related to 
security principal 
collection 


Agent metrics related to 
security principal 
collection 


Related to transfer of 
scan file from the Agent 
to the Engine 


Related to transfer of 
scan file from the Agent 
to the Engine 
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Column Name 


db_start_time 


db_stop_time 


scan_type 


scan_target_id 


local_identity_system_id 


retry_count 


status_code 
error_string 


progress_status 


next_retry_time 


ntfs_abe_enabled 


is valid 


agent_name 


SQL Server Data Type 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


integer 


integer 
nvarchar(1024) 


integer 


datetime2(0) 


bit 


bit 


nvarchar(256) 


PostgreSQL Data Type 


timestamp without time 
zone 


integer 


integer 


integer 


integer 


integer 
varchar(1024) 


integer 


timestamp without time 
zone 


boolean 


boolean 


varchar(256) 


Notes 


Database insert start 
time* 


Database insert stop 
time* 


0 = None 

1 = File System Data 

2 = Permissions 

4 = Volume Free Space 


Reference to scan_targets 
table 


Current number of scan 
attempts 


Internal status code 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for 
delegation 


1 = Delegated / scan in 
progress 


2 = Scan file transfer in 
progress 


3 = Database update in 
progress 


4 = Current - scan process 
complete 


5 = Database update 
pending 

6 = Previous 

7 = Retained 


Next scheduled time to 
retry a failed scan 


Flag indicating that the 
Windows share has ABE 
enabled 


[Deprecated] 


* Database insert times do not include security equivalence, group membership, or eDirectory 


Directory Service trustee processing, all of which runs in the background. 
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3.1.29 


SRS.SCAN_DATA 


Table 3-7 Scan Data Table Definition 


Column Name SQL Server Data Type 


id bigint 

scan_id integer 
path_type integer 

is_link bit 

name nvarchar(256) 
fullpath nvarchar(max) 
fullpath_hash binary(20) 
filename _extensio nvarchar(32) 
n 

owner_id varbinary(68) 
attributes integer 


PostgreSQL Data 
Type 


bigint 
integer 


integer 


boolean 


varchar(256) 
text 
bytea 


varchar(32) 


bytea 


integer 


Notes 


Primary key 
Reference to scans table 


0 = Unknown 

1=File 

2 = Directory 

3 = File Symbolic Link 

4 = Directory Symbolic Link 
5 = Junction 

6 = Mount Point 

7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 

11 = DFS Root 

12 = HSM Stub 

13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Flag indicating entry is a link (symlink, 
hardlink, etc.) 


File or directory name 
Full UNC path to the file system entry 
SHA-1 hash of lowercase fullpath 


Extensions having more than 32 
characters are treated as if they have 
none 


Maps to either a GUID or a SID 


None‏ = 0א0 

Ox1 = Read Only 

0x2 = Archive 

0x4 = System 

0x8 = Hidden 

0x10 = Directory 

0x20 = Compressed 

0x40 = Offline 

0x80 = NTFS device 

0x100 = NTFS Normal 
0x200 = NTFS Temporary 
0x400 = NTFS Sparse File 
0x800 = NTFS Reparse Point 
0x1000 = NTFS Not content indexed 
0x2000 = NTFS Encrypted 
0x4000 = NTFS Virtual 
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Column Name SQL Server Data Type PostgreSQL Data Notes 


Type 
create_time datetime2(0) timestamp without 
time zone 
modify_time datetime2(0) timestamp without 
time zone 
access_time datetime2(0) timestamp without 
time zone 
size bigint bigint For files, actual size; for directories, 
accumulative size of all subordinate files 
size_on_disk bigint bigint Assumes typical allocation unit size of 
4K 
size_compressed bigint bigint Only accurate for NTFS file systems 
idx integer integer Scan index; unique per scan 
parent_idx integer integer Parent index. Used for hierarchical 
relation processing 
path_depth integer integer Entry depth with respect to the scan 
target's root path 
ns_left integer integer Nested-set Left index — used for 
hierarchical relation processing 
ns_right integer integer Nested-set Right index — used for 
hierarchical relation processing 
status_code integer integer 


3.1.30 SRS.SCAN_DIRECTORY_DATA 


Table 3-8 Scan Directory Data Table Definition 


Column Name SQL Server Data Type PostgreSQL Data Type Notes 

id bigint bigint Primary key 

scan_data_id bigint bigint Reference to scan_data 
table 

file_count integer integer Count of all files 
subordinate to this 
directory 

directory_count integer integer Count of all 


subdirectories 


directory_quota bigint bigint Directory quota for this 
directory 
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3.1,31 


Column Name 


directory _quota_flags 


child_file_count 


child_link_count 


child_directory_count 


child_size 


child_size_on_disk 


child_size_compressed 


child_link_size 


SQL Server Data Type 


integer 


integer 


integer 


integer 


bigint 


bigint 


bigint 


bigint 


SRS.SCAN_HISTORY 


Table 3-9 Scan History Table Definition 


Column Name 
id 


identity_system 


scan_target 


file_size 


file_count 


directory_count 


SQL Server Data Type 
integer 


nvarchar(256) 


nvarchar(1024) 


bigint 


integer 


integer 


PostgreSQL Data Type 


integer 


integer 


integer 


integer 


bigint 


bigint 


bigint 


bigint 


PostgreSQL Data Type 
integer 


text 


text 


bigint 


integer 


integer 


Notes 


0 = Unknown 


1 = Enforced 
2 = Disabled 
4 = Incomplete 
8 = Rebuilding 


Count of all immediately 
subordinate files 


Count of all immediately 
subordinate links 


Count of all immediately 
subordinate directories 


Size of all immediately 
subordinate files 


Size on disk of all 
immediately subordinate 
files (assumes 4K 
allocation size) 


Size on disk of all 
immediately subordinate 
compressed files (only 
accurate with NTFS) 


Size of all immediately 
subordinate links 


Notes 
Primary key 


Identity system 
associated with this scan 
target 


UNC path of scan target 


Total aggregate size of all 
files 


Total count of all files 


Total count of all 
directories 
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Column Name 


scan_policy_name 


agent_name 
scan_id 


scan_type 


triggered_start_time 


scan_start_time 


scan_stop_time 


enum_start_time 


enum_stop_time 


enum_file_count 


enum_directory_count 


enum_link_count 


caching start_time 


caching stop time 


cached_file_count 


cached_directory_count 


cached_link_count 


cache_size 
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SQL Server Data Type 


nvarchar(64) 


nvarchar(256) 
integer 


integer 


datetime2(3) 


datetime2(3) 


datetime2(3) 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


integer 


PostgreSQL Data Type 


varchar(64) 


text 
integer 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 


zone 


timestamp without time 
zone 


integer 


integer 


integer 


timestamp without time 
zone 


timestamp without time 
zone 

integer 

integer 


integer 


integer 


Notes 


Scan policy associated 
with this scan 


Scan ID 


0 = None 

1 = File System Data 

2 = Permissions 

4 = Volume Free Space 


Initial time scan 
delegation starts 


Start time when agent 
begins physical scan 


Stop time when agent 
completes physical scan 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Agent metrics related to 
file system object 
enumeration 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Metrics related to agent 
caching 


Column Name 


cache_size_max 


metadata_start_time 


metadata_stop_time 


metadata_file_count 


metadata_directory_cou 


nt 


metadata_link_count 


accounts_start_time 


accounts_stop_time 


accounts _object_count 


transfer_start_time 


transfer_stop_time 


db_start_time 


db_stop_time 


status_code 


error_string 


SQL Server Data Type 


integer 


datetime2(3) 


datetime2(3) 


integer 


integer 


integer 


datetime2(3) 


datetime2(3) 


integer 


datetime2(3) 


datetime2(3) 


datetime2(3) 


datetime2(3) 


integer 


nvarchar(1024) 


PostgreSQL Data Type 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


integer 


integer 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


integer 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 


zone 


integer 


varchar(1024) 


Notes 


Metrics related to agent 
caching 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
filesystem metadata 
collection 


Agent metrics related to 
security principal 
collection 


Agent metrics related to 
security principal 
collection 


Agent metrics related to 
security principal 
collection 


Related to transfer of 
scan file from the Agent 
to the Engine 


Related to transfer of 
scan file from the Agent 
to the Engine 


Database insert start 
time* 


Database insert stop 
time* 


Internal status code 
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3.1.32 


3.1.33 


52 


SRS.SCAN_TARGETS 


Table 3-10 Scan Targets Table Definition 


Column Name 

id 

network_path 
network_path_lower 
server 


identity_system_id 


platform 


filesystem 


cost_per_unit 


SQL Server Data Type 
bigint 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


integer 


smallint 


smallint 


money 


SRS.SECURITY_DESCRIPTORS 


Table 3-11 Security Descriptors Table Definition 


Column Name 
id 


scan_data_id 


control 


dacl_present 


sacl_present 
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SQL Server Data Type 
bigint 


bigint 


integer 


bit 


bit 


PostgreSQL Data Type 
bigint 

varchar(256) 

[ Not applicable ] 
varchar(256) 


integer 


smallint 


smallint 


money 


PostgreSQL Data Type 
bigint 


bigint 


integer 


boolean 


boolean 


Notes 


Primary key 


Root path for scan target 


Computed column 


Reference to 
identity_systems table 


0 = Unknown 
1 = Windows 


0 = Unknown 
1 = NTFS 


Not currently used 


Notes 


Primary key 


Reference to scan data 
table 


Security descriptor 
control flags 


Indicates presence of 
DACL entries for this 
security descriptor 


Indicates presence of 
SACL entries for this 
security descriptor 


3.1.34 


3.2 


SRS.TREND_VOLUME_FREESPACE 


Table 3-12 Trend Volume Freespace Table Definition 


Column Name 
id 

scan_id 
identity_system 
network_path 
server 


filesystem 


volume_guid 
volume_label 
volume_bytes_total 
volume_bytes_free 
volume_bytes_used 
allocation_unit_size 
allocation_units_total 
allocation_units_free 
allocation_units_used 
status 


scan_time 


Views 


SQL Server Data Type 
integer 

integer 

nvarchar(256) 
nvarchar(max) 
nvarchar(256) 


integer 


uniqueidentifier 
nvarchar(256) 
bigint 

bigint 

bigint 

integer 

bigint 

bigint 

bigint 

integer 


datetime2(0) 


PostgreSQL Data Type Notes 


integer Primary key 
integer Scan ID 

text 

text Scan target path 
text 


0 = Unknown 
1 = NTFS 


integer 


uuid 
text 
bigint 
bigint 
bigint 
integer 
bigint 
bigint 
bigint 
integer 


timestamp without time 
zone 


+ Section 3.2.1, “SRS.CURRENT_FS_SCANDATA,” on page 54 

+ Section 3.2.2, “SRS.CURRENT_FS_SCANS,” on page 56 

+ Section 3.2.3, “SRS.CURRENT_NTFS_ACES,” on page 57 

+ Section 3.2.4, “SRS.CURRENT_PERMISSIONS_ SCANS,” on page 60 
+ Section 3.2.5, “SRS.PREVIOUS_FS_SCANDATA,” on page 61 

+ Section 3.2.6, “SRS.PREVIOUS_FS_SCANS,” on page 3 

+ Section 3.2.7, “SRS.PREVIOUS_NTFS_ACES,” on page 64 

+ Section 3.2.8, “SRS.PREVIOUS PERMISSIONS SCANS,” on page 67 
+ Section 3.2.9, “SRS.BASELINE_FS_SCANDATA,” on page 68 

+ Section 3.2.10, “SRS.BASELINE_FS SCANS,” on page 70 
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3.2.1 


* Section 3.2.11, “SRS.BASELINE_NTFS_ACES,” on page 71 
+ Section 3.2.12, “SRS.BASELINE_PERMISSIONS_ SCANS,” on page 74 


SRS.CURRENT_FS_SCANDATA 


Table 3-13 Current File System Scan Data Unified View 


Column Name 


identity_system 
domain 

server 
scan_target 


fullpath 


name 
filename_extension 


create_time 


modify_time 


access _time 


size 


size_on_disk 


size_compressed 


owner_identity_syste 
m 


owner_domain 


owner_name 
owner_fdn 
owner_display_name 


owner_id 
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SQL Server Data 


Type 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(256) 


nvarchar(max) 


nvarchar(256) 
nvarchar(32) 


datetime2(0) 


datetime2(0) 


datetime2(0) 


bigint 


bigint 


bigint 


nvarchar(256) 


nvarchar(256) 


nvarchar(256) 


nvarchar(512) 


nvarchar(max) 


varbinary(68) 


PostgreSQL Data Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


text 


varchar(256) 
varchar(32) 


timestamp without time 
zone 


timestamp without time 
zone 


timestamp without time 
zone 


bigint 


bigint 


bigint 


varchar(256) 


varchar(256) 


varchar(256) 
varchar(512) 
text 


bytea 


Notes 


Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


Full UNC path to the file system 
entry 


File or directory name 
File name extension 


Stored as UTC time 


Stored as UTC time 


Stored as UTC time 


For files, actual size; for 
directories, accumulative size of 
all subordinate files 


Assumes typical allocation unit 
size of 4K 


Only accurate for NTFS file 
systems 


Owner’s Identity System name 


Owner’s Active Directory 
domain 


SAM account name 
Full distinguished object name 
Domain\SamAccountName 


Security Identifier (SID) 


Column Name 


attributes 


attribute_string 


fullpath_hash 


idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 


scan_data_id 


SQL Server Data 
Type 


integer 


nvarchar(256) 


binary(20) 


integer 


integer 


integer 


integer 


integer 


integer 


bigint 


PostgreSQL Data Type 


integer 


varchar(256) 


bytea 


integer 


integer 


integer 


integer 


integer 


integer 


bigint 


Notes 

None‏ = 0א0 

Read Only‏ = 1א0 
0x2 = Archive‏ 
0x4 = System‏ 
0x8 = Hidden‏ 


0x10 = Directory 

0x20 = Compressed 

0x40 = Offline 

0x80 = NTFS device 

0x100 = NTFS Normal 
0x200 = NTFS Temporary 
0x400 = NTFS Sparse File 
0x800 = NTFS Reparse Point 


0x1000 = NTFS Not content 
indexed 


0x2000 = NTFS Encrypted 
0x4000 = NTFS Virtual 


See srs.attribute_string function 


SHA-1 hash of lowercase 
fullpath 


Scan index; unique per scan 


Parent index. Used for 
hierarchical relation processing 


Entry depth with respect to the 
scan target’s root path. 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used 
for hierarchical relation 
processing 


Reference to scans table 


Reference to scan_data table 
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Column Name SQL Server Data PostgreSQL Data Type Notes 


Type 
path_type integer integer 0 = Unknown 
1=File 
2 = Directory 
3 = File Symbolic Link 
4 = Directory Symbolic Link 
5 = Junction 
6 = Mount Point 
7 = Share 
8 = Volume 
9 = DFS Link 
10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 
13 = Reparse Point Unknown 
17 = Single Instance Storage 
Stub 
18 = Named Stream 
status_code integer integer 


3.2.2 SRS.CURRENT_FS_SCANS 


Table 3-14 Current File System Scans View 


Column Name SQL Server Data PostgreSQL Data Notes 
Type Type 

id bigint bigint Primary key 
scan_id integer integer Reference to scans table 
identity_system nvarchar(256) varchar(256) Identity system name 
domain nvarchar(256) varchar(256) Active Directory domain 
server nvarchar(256) varchar(256) Server name 
scan_target nvarchar(256) varchar(256) UNC root path for scan target 
platform integer integer 0 = Unknown 

1 = Windows 
filesystem integer integer 0 = Unknown 

1=NTFS 
scan_type integer integer Should always be 1 
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3.2.3 


Column Name 


progress status 


identity_system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 


is valid 


agent 


file_count 
directory_count 


link_count 


SRS.CURRENT_NTFS_ACES 


SQL Server Data 
Type 


integer 


integer 
integer 
integer 
bit 


bit 


nvarchar(256) 


integer 


integer 


integer 


Table 3-15 Current NTFS ACEs View 


Column Name 


identity_system 
domain 

server 
scan_target 


fullpath 


trustee_identity_system 


trustee_domain 


SQL Server Data 
Type 


nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(max) 
nvarchar(256) 


nvarchar(256) 


PostgreSQL Data 
Type 


integer 


integer 
integer 
integer 


boolean 


boolean 


varchar(256) 


integer 
integer 


integer 


PostgreSQL Data 
Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 
text 

varchar(256) 


varchar(256) 


Notes 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 

2 = Scan file transfer in progress 

3 = Database update in progress 

4 = Current - scan process complete 
5 = Database update pending 

6 = Previous 

7 = Retained 


Reference to identity_systems table 


Reference to scan_targets table 


Flag indicating that the Windows 
share has ABE enabled 


[Deprecated] 


Name of agent that performed the 
scan 


Number of files in the scan 
Number of directories in the scan 


Number of links (junctions, symbolic 
links, reparse points) in the scan 


Notes 


Identity system name 

Active Directory domain 

Server name 

UNC root path for scan target 

Full UNC path to the file system entry 
Trustee’s Identity System name 


Trustee’s Active Directory domain 
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Column Name SQL Server Data 


Type 
trustee_name nvarchar(256) 
trustee_fdn nvarchar(512) 
trustee_display_name nvarchar(max) 
trustee_type integer 
sid varbinary(68) 
access_mask integer 
access_mask_string nvarchar(128) 
basic_permissions nvarchar(128) 
ace_type smallint 
ace type_string nvarchar(128) 
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PostgreSQL Data 
Type 


varchar(256) 
varchar(512) 
text 


integer 


bytea 


integer 


varchar(128) 
varchar(128) 


smallint 


varchar(128) 


Notes 


SAMAccount name 
Full distinguished name 
DOMAIN\SAMAccount 


0 = Unknown / Other 
1 = User 

2 = Group 

3 = Computer 


0x1 = Read Data / List Directory 
0x2 = Write Data / Create File 


0x4 = Append Data / Create 
Subdirectory 


Ox8 = Read Extended Attributes 
0x10 = Write Extended Attributes 
0x20 = File Execute / Traverse 
0x40 = Delete Child 

0x80 = Read Attributes 

0x100 = Write Attributes 
0x10000 = Delete 

0x20000 = Read Permissions 
0x40000 = Change Permissions 
0x80000 = Change Owner 
0x100000 = Synchronize 
0x1000000 = Access System Security 
0x10000000 = Generic All 
0x20000000 = Generic Execute 
0x40000000 = Generic Write 
0x80000000 = Generic Read 


See srs.access_mask_string 
See srs.access_mask_basic_string 


0 = Access Allowed 

1 = Access Denied 

2 = System Audit 

9 = Allowed Callback 

10 = Denied Callback 

13 = System Audit Callback 
17 = System Mandatory Label 


See srs.ace_type_string 


Column Name 


ace_flags 


ace flags string 
idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 
scan_data_id 


path_type 


status_code 
identity_system_id 
scan_target_id 


ad_object_id 


SQL Server Data 


Type 


smallint 


nvarchar(128) 
integer 


integer 


integer 


integer 


integer 


integer 
bigint 


integer 


integer 
integer 
integer 


integer 


PostgreSQL Data 
Type 


varchar(128) 
integer 


integer 


integer 


integer 


integer 


integer 
bigint 


integer 


integer 
integer 
integer 


integer 


Notes 


Ox1 = Object Inherit 

Ox2 = Container Inherit 
0x4 = No Propagate 

0x8 = Inherit Only 

0x10 = Inherited 

0x40 = Successful Access 
0x80 = Failed Access 


See srs.ace_flags_ string 
Scan index; unique per scan 


Parent index. Used for hierarchical 
relation processing 


Entry depth with respect to the scan 
target’s root path 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used for 
hierarchical relation processing 


Reference to scans table 
Reference to scan_data table 
0 = Unknown 

1=File 

2 = Directory 


3 = File Symbolic Link 
4 = Directory Symbolic Link 


5 = Junction 

6 = Mount Point 
7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 


13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Reference to identity_systems table 


Reference to scan_targets table 


Reference to ad_objects table 
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3.2,4 
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SRS.CURRENT_PERMISSIONS_SCANS 


Table 3-16 Current Permissions Scans View 


Column Name 


id 

scan_id 
identity_system 
domain 

server 
scan_target 


platform 


filesystem 


scan_type 


progress status 


identity_system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 


is_valid 


agent 


directory_count 


SQL Server Data 
Type 


bigint 

integer 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


bit 


bit 


nvarchar(256) 


integer 


PostgreSQL Data 
Type 


bigint 
integer 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


boolean 


boolean 


varchar(256) 


integer 


Notes 


Primary key 

Reference to scans table 
Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


0 = Unknown 
1 = Windows 


0 = Unknown 
1=NTFS 


Should always be 2 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 

2 = Scan file transfer in progress 

3 = Database update in progress 

4 = Current - scan process complete 
5 = Database update pending 

6 = Previous 

7 = Retained 


Reference to identity_systems table 


Reference to scan_targets table 


Flag indicating that the Windows 
share has ABE enabled 


[Deprecated] 


Name of agent that performed the 
scan 


Number of directories in the scan 


3.2.5 


SRS.PREVIOUS_FS_SCANDATA 


Table 3-17 Previous File System Scan Data Unified View 


Column Name 


identity_system 
domain 

server 
scan_target 


fullpath 


name 
filename_extension 


create_time 


modify_time 


access time 


size 


size_on_disk 


size_compressed 
owner_identity_system 
owner_domain 
owner_name 
owner_fdn 
owner_display_name 


owner_id 


SQL Server Data 


Type 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(256) 


nvarchar(max) 


nvarchar(256) 
nvarchar(32) 


datetime2(0) 


datetime2(0) 


datetime2(0) 


bigint 


bigint 


bigint 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(512) 


nvarchar(max) 


varbinary(68) 


PostgreSQL Data 
Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


text 


varchar(256) 
varchar(32) 


timestamp without 
time zone 


timestamp without 
time zone 


timestamp without 
time zone 


bigint 


bigint 


bigint 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(512) 
text 


bytea 


Notes 


Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


Full UNC path to the file system 
entry 


File or directory name 
File name extension 


Stored as UTC time 


Stored as UTC time 


Stored as UTC time 


For files, actual size; for directories, 
accumulative size of all subordinate 
files 


Assumes typical allocation unit size 
of 4K 


Only accurate for NTFS file systems 
Owner’s Identity System name 
Owner’s Active Directory domain 
SAM Account name 

Full distinguished object name 
DOMAIN\SamAccountName 


Security Identifier (SID) 
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Column Name 


attributes 


attribute_string 
fullpath_hash 
idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 


scan_data_id 
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SQL Server Data 
Type 


integer 


nvarchar(256) 
binary(20) 
integer 


integer 


integer 


integer 


integer 


integer 


bigint 


PostgreSQL Data 
Type 


integer 


varchar(256) 
bytea 
integer 


integer 


integer 


integer 


integer 


integer 


bigint 


Notes 

None‏ = 0א0 

Ox1 = Read Only 
0x2 = Archive 
0x4 = System 
0x8 = Hidden 


0x10 = Directory 

0x20 = Compressed 

0x40 = Offline 

0x80 = NTFS device 

0x100 = NTFS Normal 
0x200 = NTFS Temporary 
0x400 = NTFS Sparse File 
0x800 = NTFS Reparse Point 
0x1000 = NTFS Not content indexed 
0x2000 = NTFS Encrypted 
0x4000 = NTFS Virtual 


See srs.attribute_string function 
SHA-1 hash of lowercase fullpath 
Scan index; unique per scan 


Parent index. Used for hierarchical 
relation processing 


Entry depth with respect to the scan 
target’s root path 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used for 
hierarchical relation processing 


Reference to scans table 


Reference to scan_data table 


3.2.6 


Column Name 


path_type 


status_code 


SQL Server Data 
Type 


integer 


integer 


SRS.PREVIOUS_FS_SCANS 


Table 3-18 Previous File System Scans View 


Column Name 


id 

scan_id 

identity system 
domain 

server 
scan_target 


platform 


filesystem 


scan_type 


SQL Server Data 
Type 


bigint 

integer 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


integer 


integer 


integer 


PostgreSQL Data 
Type 


integer 


integer 


PostgreSQL Data 
Type 


bigint 
integer 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


integer 


integer 


integer 


Notes 


0 = Unknown 

1=File 

2 = Directory 

3 = File Symbolic Link 

4 = Directory Symbolic Link 


5 = Junction 

6 = Mount Point 
7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 


13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Notes 


Primary key 

Reference to scans table 
Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


0 = Unknown 
1 = Windows 


0 = Unknown 
1 = NTFS 


Should always be 1 
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Column Name 


progress_status 


identity _system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 
agent 


file_count 
directory_count 


link_count 


3.2.7 


SQL Server Data 
Type 


integer 


integer 
integer 
integer 


bit 


nvarchar(256) 


integer 
integer 


integer 


SRS.PREVIOUS_NTFS_ACES 


Table 3-19 Previous NTFS ACEs View 


Column Name 


identity system 

domain 

server 

scan_target 

fullpath 
trustee_identity_system 


trustee_domain 
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SQL Server Data 
Type 


nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(max) 
nvarchar(256) 


nvarchar(256) 


PostgreSQL Data 
Type 


integer 


integer 
integer 
integer 


boolean 


varchar(256) 


integer 
integer 


integer 


PostgreSQL Data 
Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 
text 

varchar(256) 


varchar(256) 


Notes 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 
2 = Scan file transfer in progress 
3 = Database update in progress 
4 = Current - scan process 


complete 
5 = Database update pending 
6 = Previous 
7 = Retained 


Flag indicating that the Windows 
share has ABE enabled 


Name of agent that performed the 
scan 


Number of files in the scan 
Number of directories in the scan 


Number of links (junctions, 
symbolic links, reparse points) in 
the scan 


Notes 


Identity system name 

Active Directory domain 

Server name 

UNC root path for scan target 

Full UNC path to the file system entry 
Trustee’s Identity System name 


Trustee’s Active Directory domain 


Column Name 


trustee_name 


trustee_fdn 


trustee_display_name 


trustee_type 


sid 


access_mask 


access_mask_string 


basic_permissions 


ace_type 


ace _type_string 


SQL Server Data 
Type 


nvarchar(256) 
nvarchar(512) 
nvarchar(max) 


integer 


varbinary(68) 


integer 


nvarchar(128) 
nvarchar(128) 


smallint 


nvarchar(128) 


PostgreSQL Data 
Type 


varchar(256) 
varchar(512) 
text 


integer 


bytea 


integer 


varchar(128) 
varchar(128) 


smallint 


varchar(128) 


Notes 


SAMAccount name 
Full distinguished name 
DOMAIN\SAMAccount 


0 = Unknown / Other 
1 = User 

2 = Group 

3 = Computer 


0x1 = Read Data / List Directory 
0x2 = Write Data / Create File 


0x4 = Append Data / Create 
Subdirectory 


Ox8 = Read Extended Attributes 
0x10 = Write Extended Attributes 
0x20 = File Execute / Traverse 
0x40 = Delete Child 

0x80 = Read Attributes 

0x100 = Write Attributes 
0x10000 = Delete 

0x20000 = Read Permissions 
0x40000 = Change Permissions 
0x80000 = Change Owner 
0x100000 = Synchronize 
0x1000000 = Access System Security 
0x10000000 = Generic All 
0x20000000 = Generic Execute 
0x40000000 = Generic Write 
0x80000000 = Generic Read 


See srs.access_mask_string 
See srs.access_mask_basic_string 


0 = Access Allowed 

1 = Access Denied 

2 = System Audit 

9 = Allowed Callback 

10 = Denied Callback 

13 = System Audit Callback 
17 = System Mandatory Label 


See srs.ace_type_string 
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Column Name 


ace_flags 


ace flags string 
idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 
scan_data_id 


path_type 


status_code 
identity_system_id 
scan_target_id 


ad_object_id 
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SQL Server Data PostgreSQL Data 


Type Type 
smallint 

nvarchar(128) varchar(128) 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 
bigint bigint 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 


Notes 


0x1 = Object Inherit 

0x2 = Container Inherit 
0x4 = No Propagate 

Ox8 = Inherit Only 

0x10 = Inherited 

0x40 = Successful Access 
0x80 = Failed Access 


See srs.ace_flags_ string 
Scan index; unique per scan 


Parent index. Used for hierarchical 
relation processing 


Entry depth with respect to the scan 
target’s root path 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used for 
hierarchical relation processing 


Reference to scans table 
Reference to scan_data table 
0 = Unknown 

1=File 

2 = Directory 


3 = File Symbolic Link 
4 = Directory Symbolic Link 


5 = Junction 

6 = Mount Point 
7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 


13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Reference to identity_systems table 
Reference to scan_targets table 


Reference to ad_objects table 


3.2.8 


SRS.PREVIOUS_PERMISSIONS_SCANS 


Table 3-20 Previous Permissions Scans View 


Column Name 


id 

scan_id 
identity_system 
domain 

server 
scan_target 


platform 


filesystem 


scan_type 


progress_status 


identity _system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 


agent 


directory_count 


SQL Server Data 
Type 


bigint 

integer 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


bit 


nvarchar(256) 


integer 


PostgreSQL Data 
Type 


bigint 
integer 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


boolean 


varchar(256) 


integer 


Notes 


Primary key 

Reference to scans table 
Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


0 = Unknown 
1 = Windows 


0 = Unknown 
1 = NTFS 


Should always be 2 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 

2 = Scan file transfer in progress 

3 = Database update in progress 

4 = Current - scan process complete 
5 = Database update pending 

6 = Previous 

7 = Retained 


Reference to identity_systems table 


Reference to scan_targets table 


Flag indicating that the Windows 
share has ABE enabled 


Name of agent that performed the 
scan 


Number of directories in the scan 


Custom Schema Reference 


67 


68 


3.2.9 


SRS.BASELINE_FS_SCANDATA 


Table 3-21 Baseline File System Scan Data Unified View 


Column Name 


identity_system 
domain 

server 
scan_target 


fullpath 


name 
filename_extension 


create_time 


modify_time 


access time 


size 


size_on_disk 


size_compressed 
owner_identity_system 
owner_domain 
owner_name 
owner_fdn 
owner_display_name 


owner_id 
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SQL Server Data 


Type 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(256) 


nvarchar(max) 


nvarchar(256) 
nvarchar(32) 


datetime2(0) 


datetime2(0) 


datetime2(0) 


bigint 


bigint 


bigint 

nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(512) 


nvarchar(max) 


varbinary(68) 


PostgreSQL Data 
Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


text 


varchar(256) 
varchar(32) 


timestamp without 
time zone 


timestamp without 
time zone 


timestamp without 
time zone 


bigint 


bigint 


bigint 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(512) 
text 


bytea 


Notes 


Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


Full UNC path to the file system 
entry 


File or directory name 
File name extension 


Stored as UTC time 


Stored as UTC time 


Stored as UTC time 


For files, actual size; for directories, 
accumulative size of all subordinate 
files 


Assumes typical allocation unit size 
of 4K 


Only accurate for NTFS file systems 
Owner’s Identity System name 
Owner’s Active Directory domain 
SAM Account name 

Full distinguished object name 
DOMAIN\SamAccountName 


Security Identifier (SID) 


Column Name 


attributes 


attribute_string 
fullpath_hash 
idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 


scan_data_id 


SQL Server Data 
Type 


integer 


nvarchar(256) 
binary(20) 
integer 


integer 


integer 


integer 


integer 


integer 


bigint 


PostgreSQL Data 
Type 


integer 


varchar(256) 
bytea 
integer 


integer 


integer 


integer 


integer 


integer 


bigint 


Notes 

None‏ = 0א0 

0x1 = Read Only 
0x2 = Archive 
0x4 = System 
0x8 = Hidden 


0x10 = Directory 

0x20 = Compressed 

0x40 = Offline 

0x80 = NTFS device 

0x100 = NTFS Normal 
0x200 = NTFS Temporary 
0x400 = NTFS Sparse File 
0x800 = NTFS Reparse Point 
0x1000 = NTFS Not content indexed 
0x2000 = NTFS Encrypted 
0x4000 = NTFS Virtual 


See srs.attribute_string function 
SHA-1 hash of lowercase fullpath 
Scan index; unique per scan 


Parent index. Used for hierarchical 
relation processing 


Entry depth with respect to the scan 
target’s root path 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used for 
hierarchical relation processing 


Reference to scans table 


Reference to scan_data table 
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3.2.10 


70 


Column Name 


path_type 


status_code 


SQL Server Data 
Type 


integer 


integer 


SRS.BASELINE_FS_SCANS 


Table 3-22 Baseline File System Scans View 


Column Name 


id 

scan_id 
identity_system 
domain 

server 
scan_target 


platform 


filesystem 


scan_type 
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SQL Server Data 
Type 


bigint 

integer 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


integer 


integer 


integer 


PostgreSQL Data 
Type 


integer 


integer 


PosgreSQL Data 
Type 


bigint 
integer 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


integer 


integer 


integer 


Notes 


0 = Unknown 

1=File 

2 = Directory 

3 = File Symbolic Link 

4 = Directory Symbolic Link 


5 = Junction 

6 = Mount Point 
7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 


13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Notes 


Primary key 

Reference to scans table 
Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


0 = Unknown 
1 = Windows 


0 = Unknown 
1 = NTFS 


Should always be 1 


3.2.11 


Column Name 


progress_status 


identity_system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 


agent 


file_count 
directory_count 


link_count 


SRS.BASELINE_NTFS_ACES 


SQL Server Data 
Type 


integer 


integer 
integer 
integer 


bit 


nvarchar(256) 


integer 
integer 


integer 


Table 3-23 Baseline NTFS ACEs View 


Column Name 


identity_system 
domain 

server 
scan_target 


fullpath 


trustee_identity_system 


trustee_domain 


SQL Server Data 
Type 


nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


nvarchar(max) 


nvarchar(256) 


nvarchar(256) 


PosgreSQL Data 
Type 


integer 


integer 
integer 
integer 


boolean 


varchar(256) 


integer 
integer 


integer 


PosgreSQL Data 
Type 


varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


text 


varchar(256) 


varchar(256) 


Notes 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 

2 = Scan file transfer in progress 

3 = Database update in progress 

4 = Current - scan process complete 
5 = Database update pending 

6 = Previous 

7 = Retained 


Flag indicating that the Windows 
share has ABE enabled 


Name of agent that performed the 
scan 


Number of files in the scan 
Number of directories in the scan 


Number of links (junctions, 
symbolic links, reparse points) in the 
scan 


Notes 


Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


Full UNC path to the file system 
entry 


Trustee’s Identity System name 


Trustee’s Active Directory domain 
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Column Name SQL Server Data 


Type 
trustee_name nvarchar(256) 
trustee_fdn nvarchar(512) 
trustee_display_name nvarchar(max) 
trustee_type integer 
sid varbinary(68) 
access_mask integer 
access_mask_string nvarchar(128) 
basic_permissions nvarchar(128) 
ace_type smallint 
ace_type_string nvarchar(128) 
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PosgreSQL Data 
Type 


varchar(256) 
varchar(512) 
text 


integer 


bytea 


integer 


varchar(128) 
varchar(128) 


smallint 


varchar(128) 


Notes 


SAMAccount name 
Full distinguished name 
DOMAIN\SAMAccount 


0 = Unknown / Other 
1 = User 

2 = Group 

3 = Computer 


0x1 = Read Data / List Directory 
0x2 = Write Data / Create File 


0x4 = Append Data / Create 
Subdirectory 


0x8 = Read Extended Attributes 
0x10 = Write Extended Attributes 
0x20 = File Execute / Traverse 
0x40 = Delete Child 

0x80 = Read Attributes 

0x100 = Write Attributes 
0x10000 = Delete 

0x20000 = Read Permissions 
0x40000 = Change Permissions 
0x80000 = Change Owner 
0x100000 = Synchronize 


0x1000000 = Access System 
Security 


0x10000000 = Generic All 
0x20000000 = Generic Execute 
0x40000000 = Generic Write 
0x80000000 = Generic Read 


See srs.access_mask_string 
See srs.access_mask_basic_string 


0 = Access Allowed 

1 = Access Denied 

2 = System Audit 

9 = Allowed Callback 

10 = Denied Callback 

13 = System Audit Callback 
17 = System Mandatory Label 


See srs.ace_type_string 


Column Name 


ace_flags 


ace flags string 
idx 


parent_idx 


path_depth 


ns_left 


ns_right 


scan_id 
scan_data_id 


path_type 


status_code 
identity_system_id 
scan_target_id 


ad_object_id 


SQL Server Data PosgreSQL Data 


Type Type 
smallint 

nvarchar(128) varchar(128) 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 
bigint bigint 
integer integer 
integer integer 
integer integer 
integer integer 
integer integer 


Notes 


Ox1 = Object Inherit 

0x2 = Container Inherit 
0x4 = No Propagate 

Ox8 = Inherit Only 

0x10 = Inherited 

0x40 = Successful Access 
0x80 = Failed Access 


See srs.ace_flags_ string 
Scan index; unique per scan 


Parent index. Used for hierarchical 
relation processing 


Entry depth with respect to the 
scan target’s root path 


Nested-set Left index — used for 
hierarchical relation processing 


Nested-set Right index — used for 
hierarchical relation processing 


Reference to scans table 
Reference to scan_data table 
0 = Unknown 

1= File 

2 = Directory 


3 = File Symbolic Link 
4 = Directory Symbolic Link 


5 = Junction 

6 = Mount Point 
7 = Share 

8 = Volume 

9 = DFS Link 

10 = DFS Folder 
11 = DFS Root 
12 = HSM Stub 


13 = Reparse Point Unknown 
17 = Single Instance Storage Stub 
18 = Named Stream 


Reference to identity_systems table 


Reference to scan_targets table 


Reference to ad_objects table 
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3.2.12 


Table 3-24 Baseline Permissions Scans View 


Column Name 


id 

scan_id 
identity_system 
domain 

server 
scan_target 


platform 


filesystem 


scan_type 


progress_status 


identity _system_id 
scan_target_id 
status_code 


ntfs_abe_enabled 


agent 


directory_count 
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SQL Server Data 
Type 


bigint 

integer 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 
nvarchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


bit 


nvarchar(256) 


integer 


SRS.BASELINE_PERMISSIONS_SCANS 


PosgreSQL Data 
Type 


bigint 
integer 
varchar(256) 
varchar(256) 
varchar(256) 
varchar(256) 


smallint 


smallint 


integer 


integer 


integer 
integer 
integer 


boolean 


varchar(256) 


integer 


Notes 


Primary key 

Reference to scans table 
Identity system name 

Active Directory domain 
Server name 

UNC root path for scan target 


0 = Unknown 
1 = Windows 


0 = Unknown 
1 = NTFS 


Should always be 2 


-2 = Waiting for retry 

-1 = Ready for cleanup 

0 = Waiting for delegation 

1 = Delegated / scan in progress 

2 = Scan file transfer in progress 

3 = Database update in progress 

4 = Current - scan process complete 
5 = Database update pending 

6 = Previous 

7 = Retained 


Reference to identity_systems table 


Reference to scan_targets table 


Flag indicating that the Windows 
share has ABE enabled 


Name of agent that performed the 
scan 


Number of directories in the scan 


3.3 


3.3.1 


Functions 


¢ Section 3.3.1, “SRS.ACCESS_MASK_BASIC_STRING,” on page 75 
> Section 3.3.2, “SRS.ACCESS MASK_STRING,” on page 77 

+ Section 3.3.3, “SRS.AD_ACCOUNT_NAME,” on page 79 

* Section 3.3.4, “SRS.ACE_FLAGS_STRING,” on page 79 

+ Section 3.3.5, “SRS.ACE_TYPE_STRING,” on page 80 

+ Section 3.3.6, “SRS.ATTRIBUTE_STRING,” on page 81 

+ Section 3.3.7, “SRS.BYTE_STRING,” on page 82 

+ Section 3.3.8, “SRS.BYTE_UNIT_STRING,” on page 83 

> Section 3.3.9, “SRS.BYTES_TO_HEX_STRING,” on page 83 
+ Section 3.3.10, “SRS.HEX_STRING_TO_BYTES,” on page 84 
+ Section 3.3.11, “SRS.GUID_BYTES,” on page 84 

+ Section 3.3.12, “SRS.GUID_TEXT,” on page 85 

+ Section 3.3.13, “SRS.PATH_HASH,” on page 85 

+ Section 3.3.14, “SRS.SID_BYTES,” on page 85 

+ Section 3.3.15, “SRS.SID_TEXT,” on page 86 


SRS.ACCESS_MASK_BASIC_STRING 


Parameters SQL Server PostgreSQL 
@mask integer integer 
@path_type integer integer 
Return Value nvarchar(128) varchar(128) 


Description: Converts an NTFS access mask value to its basic permissions string equivalent. 


Note that the values displayed here are functionally equivalent to what is seen in the primary 
window of the security tab for an NTFS file system entry: 
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| | Previous Versions | Customize 
General [Sharing | 
Object name: E:\pgsql\9.3\data 


Group or user names: 
$2 CREATOR OWNER 
$2 SYSTEM 


È Administrator 
$2, Administrators (DB'Administrators) 
< m 


To change permissions, click Edit. 


Permissions for ccpgsal93 
Full control 


¢ Entries having permissions that do not fit the basic permissions (such as Special permissions) 
include an asterisk *. 


+ The path_type is required since the same flags represent different semantic values for folders, 
files and shares. Path type must be one of 1 (file), 2 (folder) or 7 (share). 


+ Permissions flags are mapped to one or more of the following values: 
+ Full Control 
+ Modify 
+ Read & Execute 
¢ List Folder Contents (Folders only) 
+ Read 
+ Write 


+ Special Permissions 
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Example (SQL Server) 


SELECT TOP(100) 
sd.fullpath, 
srs.access_ mask basic _stringí(ntfs.access_ mask, 2) AS basic permissions 
FROM srs.ntfs_aces AS ntfs 
JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id 
WHERE sd.path_type = 2; 


Example (PostgreSQL) 


SELECT 
sd.fullpath, 
srs.access_mask_basic_string(ntfs.access mask, 2) AS basic_ 
FROM srs.ntfs_aces AS ntfs 
JOIN srs.scan_data AS sd ON 50.10 = ntfs.scan_data_id 
WHERE sd.path_type = 2 
LIMIT 100; 


3.3.2 SRS.ACCESS_MASK_STRING 


Parameters SQL Server PostgreSQL 
@mask integer integer 
@path_type integer integer 
Return Value nvarchar(128) varchar(128) 


Description: Converts an NTFS access mask value to its advanced permissions string equivalent. 


Note that the values displayed here are functionally equivalent to what is seen in the advanced 
section of the security tab for an NTFS file system entry: 
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Previous Versions | Customize 


General | Sharing 
Object name: E:\pgsq/\9.3\data 


Group or user names: 


Name: E\pgsql\9.3\data 


Owner: administrator (DB\administrator) @ Change 


Permissions Auditing | Effective Access 


ŠR, CREATOR OWNER 
$2, SYSTEM 


$2, Administrators (DB\Administrators) 
< m 


To change pemissions, click Edit. 


Permissions for ccpgsql93 


For additional information, double-click a permission entry. To modify a permission entry, select the entry and click Edit (if available). 


Permission entries: 


Type Principal Access Inherited from Applies to 
&, Allow Administrators (DBVAdminist..... Full control This folder only 
È Allow  ccpgsql93 (DBiccpgsql93) Modify This folder, subfolders and files 
% Allow Administrators (DB'Administ... Full control This folder, subfolders and files - 
88 Allow SYSTEM Full control 


This folder, subfolders and files | 
2 Allow administrator (DB\administra... Full control ב‎ This folder only 


Él, Allow CREATOR OWNER Full control ב‎ Subfolders and files only 
Él, Allow Users (DB\Users) Read & execute This folder, subfolders and files 


Full control 

Modify 

Read & execute 
List folder contents 


88 Allow Users (DB\Users) Special This folder and subfolders Y 
Add : 
Disable inheritance 


Replace all child object permission entries with inheritable permission entries from this object 


E] 


+ The path_type is required since the same flags represent different semantic values for folders, 
files and shares. Path type must be one of 1 (file), 2 (folder) or 7 (share). 


4 


Flags correspond to the following values: 


0x00000001 Rd/Lf Read data / List folder 
0x00000002 Wd/Cf Write data / Create file 
00000004א0‎ Ad/Cs Append data / Create subdirectory 


0x00000008 Rx 
0x00000010 Wx 


0x00000020 Xf /Tf 


0x00000040 Ds 
0x00000080 Ra 
0x00000100 Wa 
0x00010000 De 
0x00020000 Rp 
0x00040000 Cp 
0x00080000 To 
0x00100000 Sy 
0x01000000 Ss 
0x10000000 Ga 
0x20000000 Ge 
0x40000000 Gw 
0x80000000 Gr 
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Read extended attributes 
Write extended attributes 
File execute / Traverse 
Delete child (subdirectory) 
Read attributes 

Write attributes 

Delete 

Read permissions 

Change permissions 
Change owner (take ownership) 
Synchronize 

Access system security 
Generic All 

Generic Execute 

Generic Write 

Generic Read 


3.3.3 


3.3.4 


Example (SQL Server) 


SELECT TOP(100 

sd.fullpath, 

srs.access_mask_stringíntfs.access_ mask, sd.path_type) AS 366655 1 
FROM srs.ntfs_aces AS ntfs 
JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id; 


Example (PostgreSQL) 


SELECT 

sd.fullpath, 

srs.access_ mask _stringíntfs.access_ mask, sd.path_type) AS access mask 
FROM srs.ntfs_aces AS ntfs 
JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data id 


LIMIT 100; 
SRS.AD_ACCOUNT_NAME 
Parameters SQL Server PostgreSQL 
@domain nvarchar(1024) varchar(1024) 
@name nvarchar(1024) varchar(1024) 
@sid binary(68) bytea 
Return Value nvarchar(max) text 


Description: Converts primary naming values for a Windows security principal to a display name. 


+ If domain is null or empty, the leading backslash is not included in the result. 
+ If the name is null or empty, the result value is the SDDL SID representation. 


+ If the SID is needed but is invalid, the return value is [Invalid SID]. 


Example 
SELECT srs.ad_account_name('BUILTIN', ‘Administrators’, null); 
SELECT srs.ad_account_name('', '', @x@1020000000000052000000020020000) ; 


SRS.ACE_FLAGS_ STRING 


Parameters SQL Server PostgreSQL 


@flags integer integer 
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Parameters SQL Server PostgreSQL 


Return Value nvarchar(128) varchar(128) 


Description: Converts the access mask flag to a string representation. Flags are converted as follows: 


0x001 (Ol) Object inherit 
0x002 (CI) Container inherit 
0x004 (NP) No propagate 
0x008 (IO) Inherit only 
0x010 (ID) Inherited 

0x040 (SA) Successful access 
0x080 (FA) Failed access 


Example (SQL Server) 


SELECT TOP(100 
sd.fullpath, 
srs.access_mask_string(ntfs.access mask, sd.path_type) AS access _ mask, 
srs.ace_flags string(ntfs.flags) AS ace_flags 

FROM srs.ntfs_aces AS ntfs 

JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id; 


Example (PostgreSQL) 


SELECT 
sd.fullpath, 
srs.access_mask_string(ntfs.access_ mask, sd.path_type) AS access_mask, 
srs.ace_flags string(ntfs.flags) AS ace_flags 

FROM srs.ntfs_aces AS ntfs 

JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id 

LIMIT 100; 


3.3.5 SRS.ACE_TYPE_STRING 


Parameters SQL Server PostgreSQL 
@ace_type integer integer 
Return Value nvarchar(128) varchar(128) 


Description: Converts the access mask type value to a corresponding text value. 
+ Flags correspond as follows: 


O Access Allowed 
1 Access Denied 
2 System Audit 
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3.3.6 


3 System Alarm 

4 Allowed Compound 

5 Allowed Object 

6 Denied Object 

7 System Audit Object 

8 System Alarm Object 

9 Allowed Callback 

10 Denied Callback 

11 Allowed Callback Object 

12 Denied Callback Object 

13 System Audit Callback 

14 System Alarm Callback 

15 System Audit Callback Object 
16 System Alarm Callback Object 
17 System Mandatory Label 


> For NTFS file systems, the primary values of concern are Allowed (0), Denied (1), Audit (2), and 


System Mandatory Label (17). 


Example (SQL Server) 


SELECT TOP(100 
sd.fullpath, 
srs.access_mask_string(ntfs.access mask, sd.path_type) AS access_mask, 
srs.ace_flags string(ntfs.flags) AS ace_flags, 
srs.ace type string(ntfs.ace type) AS ace type 
FROM srs.ntfs_aces AS ntfs 
JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id; 


Example (PostgreSQL) 


SELECT sd.fullpath, 
srs.access_ mask _stringíntfs.access_ mask, sd.path_type) AS access_ mask, 
srs.ace_ flags stringíntfs.flags) AS ace_flags, 
srs.ace type string(ntfs.ace type) AS ace type 

FROM srs.ntfs_aces AS ntfs 

JOIN srs.scan_data AS sd ON sd.id = ntfs.scan_data_id 
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LIMIT 100; 

SRS.ATTRIBUTE_STRING 

Parameters SQL Server PostgreSQL 
@flags integer integer 


Return Value nvarchar(256) varchar(256) 
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Description: Converts an attributes value to its equivalent string representation. Flags correspond to 
the following values: 


0x00000000 None 

Ro Read Only‏ = 00000001א0 
0x00000002 Ar Archive‏ 
Sy System‏ 00000004א0 

0x00000008 Hi Hidden 

Dr Directory‏ 00000010א0 
0x00000020 Co Compressed‏ 
Ol Offline‏ 00000040א0 

0x00000080 De NTFS device 
0x00000100 No NTFS Normal 
0x00000200 Te NTFS Temporary 
0x00000400 Sp NTFS Sparse File 
0x00000800 Rp NTFS Reparse Point 
0x00001000 Nc NTFS Not content indexed 
0x00002000 En NTFS Encrypted 
0x00004000 Vi NTFS Virtual 


Example (SQL Server) 


SELECT TOP(100) fullpath, srs.attribute_string(attributes) FROM srs.scan_data; 


Example (PostgreSQL) 


SELECT fullpath, srs.attribute_string(attributes) FROM srs.scan_data LIMIT 100; 


3.37 SRS.BYTE_STRING 


Parameters SQI Server PostgreSQL 
@size bigint bigint 
Return Value nvarchar(64) text 


Description: Converts a number to a string representation of the closest unit. 


+ The return value has a maximum precision of two decimal places. 


> Units include kilobyte (KB), megabyte (MB), gigabyte (GB), terabyte (TB), petabyte (PB) and 
exabyte (EB). 
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3.3.8 


3.3.9 


Example 


SELECT srs.byte_string( 1287168) 


SRS.BYTE_UNIT_STRING 

Parameters SQL Server PostgreSQL 
@size bigint bigint 
@unit nvarchar(10) text 
@precision integer integer 
Return Value nvarchar(64) text 


Description: Converts a number to a string representation of the specified unit with the specified 
precision. 


+ The specified precision is limited to a value from 0 to 3. Values outside this range will be 
adjusted to 0 or 3 accordingly. 
+ Unit specifiers are case insensitive and include: 
+ byte 
+ KB (kilobyte) 
+ MB (megabyte) 
+ GB (gigabyte) 
+ TB (terabyte) 
+ PB (petabyte) 
+ EB (exabyte) 


Example 


SELECT srs.byte_unit_string(12872@1, 'KB', 3 


SRS.BYTES_TO_HEX_STRING 


Parameters SQL Server PostgreSQL 
@byte_sequence varbinary(max) bytea 
Return Value nvarchar(max) text 


Description: Converts a byte sequence to its equivalent hex string representation. 


+ Returned hex string is lower case with no separators and no prefix. 
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Example 


SELECT 
srs.bytes_ to hex_string(ad.sid) 
FROM srs.ad_objects AS ad 


3.3.10 SRS.HEX_STRING_TO_BYTES 


Parameters SQL Server PostgreSQL 
@hex_string nvarchar(max) text 
Return Value varbinary (max) bytea 


Description: Converts a hex string to its equivalent hex string representation. 


+ Hex values A-F may be in upper or lower case. 


+ Hex string must be a proper string with an even number of characters — leading “0's are required 
for each hex value having a single digit. 


+ Do not include separators such as ‘-‘ between hex values. 


Example 


SELECT srs.hex_string_to bytes('0lab3d4407* 


3.3.11 SRS.GUID_BYTES 
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Parameters SQL Server PostgreSQL 
@guid_text nvarchar(38) varchar(38) 
Return Value varbinary(16) bytea 


Description: Converts a compatible guid text string to its equivalent binary representation. 
Recommended input format: {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXXJ. 


+ Surrounding braces are optional. 
+ Hex values A-F may be in upper or lower case. 


+ Hyphen separators must be present at the specified 4 locations, or not at all. 
Example 


SELECT srs.guid bytes('(12345678-1234-5678-9abc-123456789abc)") 
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3.3.13 


3.3.14 


SRS.GUID_TEXT 

Parameters SQL Server PostgreSQL 
@guid_binary varbinary(16) bytea 
Return Value nvarchar(38) varchar(38) 


Description: Converts a binary guid value to its equivalent string representation. Note that returned 


guid strings are in the format {XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX}. All hex values are 
returned with uppercase A-F. 


Example 


SELECT fdn, srs.guid text(guid) FROM srs.edir_objects WHERE id=1; 


SRS.PATH_HASH 

Parameters SQL Server PostgreSQL 
@path nvarchar(max) text 

Return Value binary(20) bytea 


Description: Returns the binary SHA-1 hash for a given path. 


+ The input path is first converted to lower-case. 


+ Useful for finding a fullpath in the srs.scan_data table using the fullpath_hash index. 


Example 


SELECT * FROM srs.scan_data 
WHERE fullpath_hash = srs.path_hash('\\server-1.ad.cctec.org\Users\user1" 


SRS.SID_BYTES 

Parameters SQL Server PostgreSQL 
@sid nvarchar(1024) varchar(1024) 
Return Value varbinary(68) bytea 


Description: Converts an SDDL representation of a Security Identifier value to its binary form. 
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Input SID values must be in proper SDDL form. 


Example 


SELECT * FROM srs.ad_objects WHERE srs.sid bytes(*S-1-5-32-544') = sid; 


3.3.15 SRS.SID_TEXT 


Parameters SQL Server PostgreSQL 
@sid_bytes varbinary(68) bytea 
Return Value nvarchar(1024) varchar(1024) 


Description: Converts binary Security Identifier to its SDDL string representation. 


Example 


SELECT domain, name, srs.sid text(sid) FROM srs.ad_objects 
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